aboutsummaryrefslogtreecommitdiffstats
path: root/module/os/linux/spl
diff options
context:
space:
mode:
authorBrian Behlendorf <[email protected]>2022-03-20 21:21:18 -0700
committerGitHub <[email protected]>2022-03-20 21:21:18 -0700
commit847d03060f9724fd6c40940e7e03b6b600316605 (patch)
treeed6f69f50a3c20fb74d7ebd7887860f261f0bb5a /module/os/linux/spl
parent9e3619c5355268948cefba4d8fbcd1aea3616236 (diff)
Fix ACL checks for NFS kernel server
This PR changes ZFS ACL checks to evaluate fsuid / fsgid rather than euid / egid to avoid accidentally granting elevated permissions to NFS clients. Reviewed-by: Serapheim Dimitropoulos <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Co-authored-by: Andrew Walker <[email protected]> Co-authored-by: Ryan Moeller <[email protected]> Signed-off-by: Ryan Moeller <[email protected]> Closes #13221
Diffstat (limited to 'module/os/linux/spl')
-rw-r--r--module/os/linux/spl/spl-cred.c42
1 files changed, 1 insertions, 41 deletions
diff --git a/module/os/linux/spl/spl-cred.c b/module/os/linux/spl/spl-cred.c
index 8fe1cc30b..f81b9540a 100644
--- a/module/os/linux/spl/spl-cred.c
+++ b/module/os/linux/spl/spl-cred.c
@@ -128,7 +128,7 @@ groupmember(gid_t gid, const cred_t *cr)
uid_t
crgetuid(const cred_t *cr)
{
- return (KUID_TO_SUID(cr->euid));
+ return (KUID_TO_SUID(cr->fsuid));
}
/* Return the real user id */
@@ -138,45 +138,10 @@ crgetruid(const cred_t *cr)
return (KUID_TO_SUID(cr->uid));
}
-/* Return the saved user id */
-uid_t
-crgetsuid(const cred_t *cr)
-{
- return (KUID_TO_SUID(cr->suid));
-}
-
-/* Return the filesystem user id */
-uid_t
-crgetfsuid(const cred_t *cr)
-{
- return (KUID_TO_SUID(cr->fsuid));
-}
-
/* Return the effective group id */
gid_t
crgetgid(const cred_t *cr)
{
- return (KGID_TO_SGID(cr->egid));
-}
-
-/* Return the real group id */
-gid_t
-crgetrgid(const cred_t *cr)
-{
- return (KGID_TO_SGID(cr->gid));
-}
-
-/* Return the saved group id */
-gid_t
-crgetsgid(const cred_t *cr)
-{
- return (KGID_TO_SGID(cr->sgid));
-}
-
-/* Return the filesystem group id */
-gid_t
-crgetfsgid(const cred_t *cr)
-{
return (KGID_TO_SGID(cr->fsgid));
}
@@ -184,12 +149,7 @@ EXPORT_SYMBOL(crhold);
EXPORT_SYMBOL(crfree);
EXPORT_SYMBOL(crgetuid);
EXPORT_SYMBOL(crgetruid);
-EXPORT_SYMBOL(crgetsuid);
-EXPORT_SYMBOL(crgetfsuid);
EXPORT_SYMBOL(crgetgid);
-EXPORT_SYMBOL(crgetrgid);
-EXPORT_SYMBOL(crgetsgid);
-EXPORT_SYMBOL(crgetfsgid);
EXPORT_SYMBOL(crgetngroups);
EXPORT_SYMBOL(crgetgroups);
EXPORT_SYMBOL(groupmember);