Linux v4.17.5
parent
1a9181ff17
commit
8f24bd8eab
|
@ -0,0 +1,47 @@
|
|||
From 0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 Mon Sep 17 00:00:00 2001
|
||||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Tue, 3 Jul 2018 17:10:19 -0700
|
||||
Subject: [PATCH] Fix up non-directory creation in SGID directories
|
||||
|
||||
sgid directories have special semantics, making newly created files in
|
||||
the directory belong to the group of the directory, and newly created
|
||||
subdirectories will also become sgid. This is historically used for
|
||||
group-shared directories.
|
||||
|
||||
But group directories writable by non-group members should not imply
|
||||
that such non-group members can magically join the group, so make sure
|
||||
to clear the sgid bit on non-directories for non-members (but remember
|
||||
that sgid without group execute means "mandatory locking", just to
|
||||
confuse things even more).
|
||||
|
||||
Reported-by: Jann Horn <jannh@google.com>
|
||||
Cc: Andy Lutomirski <luto@kernel.org>
|
||||
Cc: Al Viro <viro@zeniv.linux.org.uk>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Signed-off-by: Jeremy Cline <jcline@redhat.com>
|
||||
---
|
||||
fs/inode.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/fs/inode.c b/fs/inode.c
|
||||
index 2c300e981796..8c86c809ca17 100644
|
||||
--- a/fs/inode.c
|
||||
+++ b/fs/inode.c
|
||||
@@ -1999,8 +1999,14 @@ void inode_init_owner(struct inode *inode, const struct inode *dir,
|
||||
inode->i_uid = current_fsuid();
|
||||
if (dir && dir->i_mode & S_ISGID) {
|
||||
inode->i_gid = dir->i_gid;
|
||||
+
|
||||
+ /* Directories are special, and always inherit S_ISGID */
|
||||
if (S_ISDIR(mode))
|
||||
mode |= S_ISGID;
|
||||
+ else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) &&
|
||||
+ !in_group_p(inode->i_gid) &&
|
||||
+ !capable_wrt_inode_uidgid(dir, CAP_FSETID))
|
||||
+ mode &= ~S_ISGID;
|
||||
} else
|
||||
inode->i_gid = current_fsgid();
|
||||
inode->i_mode = mode;
|
||||
--
|
||||
2.17.1
|
||||
|
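Review bot: The added `else if` branch in inode_init_owner() drops S_ISGID only when S_IXGRP is set as well, and nothing in the code says why; the reason (setgid without group execute marks mandatory locking rather than a setgid executable) is given only in the commit message. I would put it next to the test, for example `/* S_ISGID without S_IXGRP means mandatory locking; only strip the setgid+group-exec combination for non-members */`. The check also protects only creation paths that go through this helper, so a filesystem that assigns i_gid and i_mode on its own would presumably still hand a non-member a setgid file, which is worth auditing when this patch is carried or backported. The body of inode_init_owner() begins and ends outside the hunk.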
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 4
|
||||
%define stable_update 5
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -665,6 +665,9 @@ Patch522: 0001-xfs-don-t-call-xfs_da_shrink_inode-with-NULL-bp.patch
|
|||
# CVE-2018-13095 rhbz 1597775 1597777
|
||||
Patch523: 0001-xfs-More-robust-inode-extent-count-validation.patch
|
||||
|
||||
# CVE-2018-13405 rhbz 1599161 1599162
|
||||
Patch524: CVE-2018-13405.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -1914,6 +1917,10 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Mon Jul 09 2018 Jeremy Cline <jcline@redhat.com> - 4.17.5-100
|
||||
- Linux v4.17.5
|
||||
- Fix CVE-2018-13405 (rhbz 1599161 1599162)
|
||||
|
||||
* Thu Jul 05 2018 Justin M. Forbes <jforbes@fedoraproject.org>
|
||||
- Fix CVE-2018-13053 (rhbz 1597747 1597748)
|
||||
- Fix CVE-2018-12896 (rhbz 1597759 1597760)
|
||||
|
|
2
sources
2
sources
|
@ -1,2 +1,2 @@
|
|||
SHA512 (linux-4.17.tar.xz) = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db
|
||||
SHA512 (patch-4.17.4.xz) = 0a9f976e7cf2c2cc9ba29b5eb45a6b9722059674efa99153bf449537e022426138a0848cfdb69e1df4a1a3b71ee7c9de92b4086799d0e15f44f8356b2fd63754
|
||||
SHA512 (patch-4.17.5.xz) = 2623f82b4664b5ef6af4f1f9e2758661d7c3b4b7445990fb22b1a93d33006316a7a19c03d7dfccb0c49c7cfc2791c4b0aa6c543730ffc1d095c72402f060dd5c
|
||||
|
|