diff options
author | Ryan Moeller <[email protected]> | 2022-03-18 08:47:57 -0400 |
---|---|---|
committer | GitHub <[email protected]> | 2022-03-18 06:47:57 -0600 |
commit | d42979c6ef1ec10b041c3394d969643f8862f7c3 (patch) | |
tree | 3b3614a9635ab5f8f3017afefdc8d36e28f44558 /module/os/linux/spl | |
parent | a5920d24c04b64a96b4bd6be43a591a29f278b16 (diff) |
Fix ACL checks for NFS kernel server
This PR changes ZFS ACL checks to evaluate
fsuid / fsgid rather than euid / egid to avoid
accidentally granting elevated permissions to
NFS clients.
Reviewed-by: Serapheim Dimitropoulos <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Co-authored-by: Andrew Walker <[email protected]>
Signed-off-by: Ryan Moeller <[email protected]>
Closes #13221
Diffstat (limited to 'module/os/linux/spl')
-rw-r--r-- | module/os/linux/spl/spl-cred.c | 42 |
1 files changed, 1 insertions, 41 deletions
diff --git a/module/os/linux/spl/spl-cred.c b/module/os/linux/spl/spl-cred.c index 8fe1cc30b..f81b9540a 100644 --- a/module/os/linux/spl/spl-cred.c +++ b/module/os/linux/spl/spl-cred.c @@ -128,7 +128,7 @@ groupmember(gid_t gid, const cred_t *cr) uid_t crgetuid(const cred_t *cr) { - return (KUID_TO_SUID(cr->euid)); + return (KUID_TO_SUID(cr->fsuid)); } /* Return the real user id */ @@ -138,45 +138,10 @@ crgetruid(const cred_t *cr) return (KUID_TO_SUID(cr->uid)); } -/* Return the saved user id */ -uid_t -crgetsuid(const cred_t *cr) -{ - return (KUID_TO_SUID(cr->suid)); -} - -/* Return the filesystem user id */ -uid_t -crgetfsuid(const cred_t *cr) -{ - return (KUID_TO_SUID(cr->fsuid)); -} - /* Return the effective group id */ gid_t crgetgid(const cred_t *cr) { - return (KGID_TO_SGID(cr->egid)); -} - -/* Return the real group id */ -gid_t -crgetrgid(const cred_t *cr) -{ - return (KGID_TO_SGID(cr->gid)); -} - -/* Return the saved group id */ -gid_t -crgetsgid(const cred_t *cr) -{ - return (KGID_TO_SGID(cr->sgid)); -} - -/* Return the filesystem group id */ -gid_t -crgetfsgid(const cred_t *cr) -{ return (KGID_TO_SGID(cr->fsgid)); } @@ -184,12 +149,7 @@ EXPORT_SYMBOL(crhold); EXPORT_SYMBOL(crfree); EXPORT_SYMBOL(crgetuid); EXPORT_SYMBOL(crgetruid); -EXPORT_SYMBOL(crgetsuid); -EXPORT_SYMBOL(crgetfsuid); EXPORT_SYMBOL(crgetgid); -EXPORT_SYMBOL(crgetrgid); -EXPORT_SYMBOL(crgetsgid); -EXPORT_SYMBOL(crgetfsgid); EXPORT_SYMBOL(crgetngroups); EXPORT_SYMBOL(crgetgroups); EXPORT_SYMBOL(groupmember); |