    nfsd: check permissions when setting ACLs · 99965378
    Ben Hutchings authored
    Use set_posix_acl, which includes proper permission checks, instead of
    calling ->set_acl directly.  Without this anyone may be able to grant
    themselves permissions to a file by setting the ACL.

    Lock the inode to make the new checks atomic with respect to set_acl.
    (Also, nfsd was the only caller of set_acl not locking the inode, so I
    suspect this may fix other races.)

    This also simplifies the code, and ensures our ACLs are checked by

    The permission checks and the inode locking were lost with commit
    4ac7249e, which changed nfsd to use the set_acl inode operation directly
    instead of going through xattr handlers.
    Reported-by: David Sinquin <david@sinquin.eu>
    [agreunba@redhat.com: use set_posix_acl]
    Fixes: 4ac7249e
    Cc: Christoph Hellwig <hch@infradead.org>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: stable@vger.kernel.org
    Signed-off-by: J. Bruce Fields <bfields@redhat.com>
nfs3acl.c 6.29 KB