Fix ACL checks for NFS kernel server

This PR changes ZFS ACL checks to evaluate fsuid / fsgid rather than euid / egid to avoid accidentally granting elevated permissions to NFS clients. Reviewed-by: Serapheim Dimitropoulos <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Co-authored-by: Andrew Walker <[email protected]> Signed-off-by: Ryan Moeller <[email protected]> Closes #13221
author: Ryan Moeller <[email protected]> 2022-03-18 08:47:57 -0400
committer: GitHub <[email protected]> 2022-03-18 06:47:57 -0600
commit: d42979c6ef1ec10b041c3394d969643f8862f7c3 (patch)
tree: 3b3614a9635ab5f8f3017afefdc8d36e28f44558 /module/os/linux/zfs/zpl_xattr.c
parent: a5920d24c04b64a96b4bd6be43a591a29f278b16 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/module/os/linux/zfs/zpl_xattr.c b/module/os/linux/zfs/zpl_xattr.c
index 3b8ac517a..c53bf3c2a 100644
--- a/module/os/linux/zfs/zpl_xattr.c
+++ b/module/os/linux/zfs/zpl_xattr.c
@@ -492,8 +492,8 @@ zpl_xattr_set_dir(struct inode *ip, const char *name, const void *value,
 		vap = kmem_zalloc(sizeof (vattr_t), KM_SLEEP);
 		vap->va_mode = xattr_mode;
 		vap->va_mask = ATTR_MODE;
-		vap->va_uid = crgetfsuid(cr);
-		vap->va_gid = crgetfsgid(cr);
+		vap->va_uid = crgetuid(cr);
+		vap->va_gid = crgetgid(cr);
 
 		error = -zfs_create(dxzp, (char *)name, vap, 0, 0644, &xzp,
 		    cr, 0, NULL);
author	Ryan Moeller <[email protected]>	2022-03-18 08:47:57 -0400
committer	GitHub <[email protected]>	2022-03-18 06:47:57 -0600
commit	d42979c6ef1ec10b041c3394d969643f8862f7c3 (patch)
tree	3b3614a9635ab5f8f3017afefdc8d36e28f44558 /module/os/linux/zfs/zpl_xattr.c
parent	a5920d24c04b64a96b4bd6be43a591a29f278b16 (diff)