c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-05-25 11:47:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix ACL checks for NFS kernel server

Browse Source 
This PR changes ZFS ACL checks to evaluate
fsuid / fsgid rather than euid / egid to avoid
accidentally granting elevated permissions to
NFS clients.

Reviewed-by: Serapheim Dimitropoulos <serapheim@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Co-authored-by: Andrew Walker <awalker@ixsystems.com>
Signed-off-by: Ryan Moeller <freqlabs@FreeBSD.org>
Closes #13221
This commit is contained in:
Ryan Moeller
2022-03-18 08:47:57 -04:00
committed by GitHub
parent a5920d24c0
commit d42979c6ef
12 changed files with 27 additions and 270 deletions
Download Patch File Download Diff File Expand all files Collapse all files
module/os/linux/zfs/zpl_inode.c
+2 -2
View File
@@ -116,14 +116,14 @@ zpl_vap_init(vattr_t *vap, struct inode *dir, umode_t mode, cred_t *cr)
{
vap->va_mask = ATTR_MODE;
vap->va_mode = mode;
vap->va_uid = crgetfsuid(cr);
vap->va_uid = crgetuid(cr);
if (dir && dir->i_mode & S_ISGID) {
vap->va_gid = KGID_TO_SGID(dir->i_gid);
if (S_ISDIR(mode))
vap->va_mode |= S_ISGID;
} else {
vap->va_gid = crgetfsgid(cr);
vap->va_gid = crgetgid(cr);
}
}