aboutsummaryrefslogtreecommitdiffstats
path: root/module/os/linux/spl
diff options
context:
space:
mode:
authorRyan Moeller <[email protected]>2022-03-18 08:47:57 -0400
committerGitHub <[email protected]>2022-03-18 06:47:57 -0600
commitd42979c6ef1ec10b041c3394d969643f8862f7c3 (patch)
tree3b3614a9635ab5f8f3017afefdc8d36e28f44558 /module/os/linux/spl
parenta5920d24c04b64a96b4bd6be43a591a29f278b16 (diff)
Fix ACL checks for NFS kernel server
This PR changes ZFS ACL checks to evaluate fsuid / fsgid rather than euid / egid to avoid accidentally granting elevated permissions to NFS clients. Reviewed-by: Serapheim Dimitropoulos <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Co-authored-by: Andrew Walker <[email protected]> Signed-off-by: Ryan Moeller <[email protected]> Closes #13221
Diffstat (limited to 'module/os/linux/spl')
-rw-r--r--module/os/linux/spl/spl-cred.c42
1 files changed, 1 insertions, 41 deletions
diff --git a/module/os/linux/spl/spl-cred.c b/module/os/linux/spl/spl-cred.c
index 8fe1cc30b..f81b9540a 100644
--- a/module/os/linux/spl/spl-cred.c
+++ b/module/os/linux/spl/spl-cred.c
@@ -128,7 +128,7 @@ groupmember(gid_t gid, const cred_t *cr)
uid_t
crgetuid(const cred_t *cr)
{
- return (KUID_TO_SUID(cr->euid));
+ return (KUID_TO_SUID(cr->fsuid));
}
/* Return the real user id */
@@ -138,45 +138,10 @@ crgetruid(const cred_t *cr)
return (KUID_TO_SUID(cr->uid));
}
-/* Return the saved user id */
-uid_t
-crgetsuid(const cred_t *cr)
-{
- return (KUID_TO_SUID(cr->suid));
-}
-
-/* Return the filesystem user id */
-uid_t
-crgetfsuid(const cred_t *cr)
-{
- return (KUID_TO_SUID(cr->fsuid));
-}
-
/* Return the effective group id */
gid_t
crgetgid(const cred_t *cr)
{
- return (KGID_TO_SGID(cr->egid));
-}
-
-/* Return the real group id */
-gid_t
-crgetrgid(const cred_t *cr)
-{
- return (KGID_TO_SGID(cr->gid));
-}
-
-/* Return the saved group id */
-gid_t
-crgetsgid(const cred_t *cr)
-{
- return (KGID_TO_SGID(cr->sgid));
-}
-
-/* Return the filesystem group id */
-gid_t
-crgetfsgid(const cred_t *cr)
-{
return (KGID_TO_SGID(cr->fsgid));
}
@@ -184,12 +149,7 @@ EXPORT_SYMBOL(crhold);
EXPORT_SYMBOL(crfree);
EXPORT_SYMBOL(crgetuid);
EXPORT_SYMBOL(crgetruid);
-EXPORT_SYMBOL(crgetsuid);
-EXPORT_SYMBOL(crgetfsuid);
EXPORT_SYMBOL(crgetgid);
-EXPORT_SYMBOL(crgetrgid);
-EXPORT_SYMBOL(crgetsgid);
-EXPORT_SYMBOL(crgetfsgid);
EXPORT_SYMBOL(crgetngroups);
EXPORT_SYMBOL(crgetgroups);
EXPORT_SYMBOL(groupmember);