
Bug#873026: ext4: does clear SGID when inheriting ACLs under certain circumstances (regression introduced by CVE-2016-7097 fix)



Source: linux
Version: 4.7.8-1
Severity: important
Tags: patch security upstream fixed-upstream
Control: found -1 3.16.39-1
Control: found -1 3.2.84-1
Control: fixed -1 4.12.6-1
Control: fixed -1 4.13~rc5-1~exp1

# tagged security since introduced by a previous security fix, and
# might have some security implications.

Opening a bug for tracking status:

The fix for CVE-2016-7097 introduced a regression, where the sgid bit
might be cleared under some circumstances:

> When new directory 'DIR1' is created in a directory 'DIR0' with SGID
> bit set, DIR1 is expected to have SGID bit set (and owning group
> equal to the owning group of 'DIR0'). However when 'DIR0' also has
> some default ACLs that 'DIR1' inherits, setting these ACLs will
> result in SGID bit on 'DIR1' to get cleared if user is not member of
> the owning group. 

Fixes:

a3bb2d558752 ext4: Don't clear SGID when inheriting ACLs
9bcf66c72d72 jfs: Don't clear SGID when inheriting ACLs
84969465ddc4 hfsplus: Don't clear SGID when inheriting ACLs
a992f2d38e4c ext2: Don't clear SGID when inheriting ACLs
6883cd7f6824 reiserfs: Don't clear SGID when inheriting ACLs
c925dc162f77 f2fs: Don't clear SGID when inheriting ACLs
b7f8a09f8097 btrfs: Don't clear SGID when inheriting ACLs
8ba358756aa0 xfs: Don't clear SGID when inheriting ACLs

Regards,
Salvatore
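
An audit sketch for the condition quoted above, added here as an example (it is not part of the bug report or of the upstream fixes): it lists subdirectories that carry their parent's owning group but lack the SGID bit, under a parent that has SGID set. The function names and the `REQUIRE_DEFAULT_ACL` variable are hypothetical; GNU `find`/`stat` are assumed, and `getfacl` is only needed when `REQUIRE_DEFAULT_ACL=1`.

```shell
#!/bin/sh
# Added audit sketch: find directories matching the on-disk signature of the
# regression (group inherited from an SGID parent, SGID bit missing).
# Matches are candidates only: an administrator may have cleared the bit
# on purpose with chmod g-s.

# True when the directory has a default ACL (the entries a new child inherits).
has_default_acl() {
    getfacl "$1" 2>/dev/null | grep -q '^default:'
}

# Print candidate directories below $1, one per line.
# Paths containing newlines are not handled.
sgid_lost_dirs() {
    root=$1
    find "$root" -type d -perm -2000 -print | while IFS= read -r parent; do
        # Optionally restrict to parents with default ACLs, the case the
        # report describes (REQUIRE_DEFAULT_ACL is a hypothetical switch).
        if [ "${REQUIRE_DEFAULT_ACL:-0}" = 1 ] && ! has_default_acl "$parent"; then
            continue
        fi
        pgid=$(stat -c %g "$parent")
        # Same group as the parent (group inheritance happened) but no SGID.
        find "$parent" -mindepth 1 -maxdepth 1 -type d \
            ! -perm -2000 -gid "$pgid" -print
    done
}

# Example: REQUIRE_DEFAULT_ACL=1 sgid_lost_dirs /srv/shared
```

On a kernel carrying one of the fixes listed above, directories created after the upgrade should no longer show up; directories created while the regression was present keep the wrong mode until it is corrected by hand.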

