Re: kernel: gfs2 acl issue

[Dan Rosenberg <dan.j.rosenberg () gmail com>]

Kernels prior to 2.6.32 are not vulnerable.

-Dan

On Fri, Jul 9, 2010 at 1:48 PM, akuster <akuster () mvista com> wrote:
> Dan,
>
> Is 2.6.32 the earliest kernel showing the problem or just what was tested?
>
> Regards,
> Armin
>
> On 07/08/2010 05:56 PM, Dan Rosenberg wrote:
> > To elaborate on the issue: the gfs2 filesystem in 2.6.32 kernels
> > currently allows any user to set arbitrary ACLs for files they do not
> > own, essentially granting full access to everything.  The source of
> > this problem also caused other misbehavior of ACLs.  This fix resolved
> > the issue for 2.6.33, but it was not backported, so 2.6.32 remains
> > vulnerable.
> >
> > -Dan
> >
> > On Thu, Jul 8, 2010 at 11:47 PM, Eugene Teo <eugeneteo () kernel sg> wrote:
> > > Upstream commit 2646a1f6 (2.6.33-rc1) fixed an interesting gfs2 acl issue
> > > late last year. Thanks Dan Rosenberg for informing us about this.
> > >
> > > http://git.kernel.org/linus/2646a1f61a3b5525914757f10fa12b5b94713648
> > >
> > > I didn't request a CVE name for this but if you need one, ping Steve.
> > >
> > > Thanks, Eugene
> > > --
> > > main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }