oss-sec mailing list archives
Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit
From: cve-assign () mitre org
Date: Fri, 26 Aug 2016 15:32:07 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
http://www.spinics.net/lists/linux-fsdevel/msg98328.html http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2 https://bugzilla.redhat.com/show_bug.cgi?id=1368938 When file permissions are modified via chmod(2) and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in chmod(2).
Use CVE-2016-7097. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXwJjjAAoJEHb/MwWLVhi284YP/ihwFVoOjVLV9YP0yvlP/659 WSAvWtzaMIG6QuQvvJ5G9SdEhHTr7Jj1kvG0ro1pVKLHp7qjyJaKpGBTQHCcLJiP Y90qISQr59A9ar25u7TuCEzsBxmIxgj474jk8PQQDG3AgekMfxyWYRFiowpzZW1i oi4ruafp0pXwIj11iXtQH0fsyDfSZ19R9q7xCxm7P6aJKHT8OyJBcsvHmKunBodx usfOWEPslskKWXkR5QPLVJdDmUaemDQTWqoVxUW3DjKBqda6YnmUWlV2DcQNpKxz BOoak6kfSk9Oo8o37TGvFSqSRr5TEADZXQtIHSOpojK97AWY9MS1wDQI4Vw67Ift 626pc/Eg7eI/kSXuY+/v3XFK9P5Eml9xrciRyeQEQYbU3+jYNZ36QT0mSx/wniq4 Y9WsYw2r+FxQjj9F4Er3LEBKdGEv9Zz1B359/VvP747wIC9QYGI6X88PGxlFmp0I zU/lSHz0K3hp/3tAjfs9LeGNZmjW6JJqfbX0EBReF1OL1UexbXrEZ2AYWuP6x0E9 UjrGrADbN/d6ZJljO2cgtGZURfiek3c8dFBrq44Brc4ZRs3zK5YbEORXbFd44gWM PRJnTHnfb+FVMcPVmeWgobMDMGjzXB6JTceS8gS6+9SNdnYgKsMuQ7ZTmAEIG2zV OmwRfyzqMNzGOiB7/ZS/ =9rZk -----END PGP SIGNATURE-----
Current thread:
- CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit Vladis Dronov (Aug 26)
- Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit cve-assign (Aug 26)
- Message not available