Re: [PATCH] CRED: Fix NFSD regression

From: James Morris
Date: Mon Jan 05 2009 - 17:23:43 EST

Next message: Andrew Morton: "Re: mmotm 2009-01-05-12-50 uploaded (ubifs)"
Previous message: Masami Hiramatsu: "[PATCH][bugfix] kprobes: fix module compilation error with CONFIG_KPROBES=n"
In reply to: David Howells: "[PATCH] CRED: Fix NFSD regression"
Next in thread: J. Bruce Fields: "Re: [PATCH] CRED: Fix NFSD regression"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 5 Jan 2009, David Howells wrote:

> Fix a regression in NFSD's permission checking introduced by the credentials
> patches. There are two parts to the problem, both in nfsd_setuser():
>
> (1) The return value of set_groups() is -ve if in error, not 0, and should be
> checked appropriately. 0 indicates success.
>
> (2) The UID to use for fs accesses is in new->fsuid, not new->uid (which is
> 0). This causes CAP_DAC_OVERRIDE to always be set, rather than being
> cleared if the UID is anything other than 0 after squashing.
>
> Reported-by: J. Bruce Fields <bfields@xxxxxxxxxxxx>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>

Acked-by: James Morris <jmorris@xxxxxxxxx>

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: mmotm 2009-01-05-12-50 uploaded (ubifs)"
Previous message: Masami Hiramatsu: "[PATCH][bugfix] kprobes: fix module compilation error with CONFIG_KPROBES=n"
In reply to: David Howells: "[PATCH] CRED: Fix NFSD regression"
Next in thread: J. Bruce Fields: "Re: [PATCH] CRED: Fix NFSD regression"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]