Hi!

On Thu 10-11-16 16:59:17, Josh Hunt wrote:
> You are the author of commit 073931017b49 ("posix_acl: Clear SGID bit when
> setting file permissions") which has been identified to resolve
> CVE-2016-7097, but is missing from linux-4.1.y.
>
> If you believe this commit should be part of linux-4.1.y can you please
> reply with your approval for its inclusion?

Yes, the problem exists all the way back, I believe since ACLs were
introduced. Definitely exists in 3.0 which is the oldest version I've
checked. The patch may need some massaging to apply which is why it didn't
get into 4.1 I assume. And the backport will need a review because all
filesystems supporting ACLs need to be handled where frankly I'm not quite
sure the bug-severity / effort is worth it.

Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR