github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
eaeafcd898
linux/net
History
NeilBrown 6fa9e3e3e0 NFS/sunrpc: don't use a credential with extra groups. 
commit dc6f55e9f8 upstream.

The sunrpc layer keeps a cache of recently used credentials and
'unx_match' is used to find the credential which matches the current
process.

However unx_match allows a match when the cached credential has extra
groups at the end of uc_gids list which are not in the process group list.

So if a process with a list of (say) 4 group accesses a file and gains
access because of the last group in the list, then another process
with the same uid and gid, and a gid list being the first tree of the
gids of the original process tries to access the file, it will be
granted access even though it shouldn't as the wrong rpc credential
will be used.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-11-11 09:37:07 -08:00
..
9p net/9p: Fix kernel crash with msize 512K 2011-10-03 11:40:22 -07:00
802 snap: remove one synchronize_net() 2011-05-23 16:29:24 -04:00
8021q vlan: reset headers on accel emulation path 2011-10-03 11:40:55 -07:00
appletalk appletalk: Fix OOPS in atalk_release(). 2011-03-31 18:59:10 -07:00
atm atm: br2684: Fix oops due to skb->dev being NULL 2011-10-03 11:39:57 -07:00
ax25 ax25: Fix set-but-unused variable. 2011-04-17 00:48:31 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
bluetooth Bluetooth: Fix timeout on scanning for the second time 2011-10-03 11:41:01 -07:00
bridge bridge: leave carrier on for empty bridge 2011-11-11 09:36:49 -08:00
caif caif: Fix BUG() with network namespaces 2011-11-11 09:35:47 -08:00
can can bcm: fix incomplete tx_setup fix 2011-11-11 09:36:45 -08:00
ceph ceph: fix file mode calculation 2011-07-19 11:25:04 -07:00
core net: Unlock sock before calling sk_free() 2011-11-11 09:36:50 -08:00
dcb net: dcbnl: Update copyright dates 2011-03-14 17:02:42 -07:00
dccp net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-15 18:31:35 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
econet econet: Fix set-but-unused variable. 2011-04-17 00:15:22 -07:00
ethernet net: add IFF_SKB_TX_SHARED flag to priv_flags 2011-08-15 18:31:38 -07:00
ieee802154 ieee802154: Don't leak memory in ieee802154_nl_fill_phy 2011-06-13 18:03:22 -04:00
ipv4 tcp: properly update lost_cnt_hint during shifting 2011-11-11 09:36:28 -08:00
ipv6 ipv6: nullify ipv6_ac_list and ipv6_fl_list when creating new socket 2011-11-11 09:36:28 -08:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda irda: iriap: Use seperate lockdep class for irias_objects->hb_spinlock 2011-06-06 17:00:35 -07:00
iucv [S390] irq: merge irq.c and s390_ext.c 2011-05-26 09:48:24 +02:00
key net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
l2tp l2tp: fix a potential skb leak in l2tp_xmit_skb() 2011-11-11 09:36:26 -08:00
lapb
llc llc: Fix length check in llc_fixup_skb(). 2011-04-11 18:59:05 -07:00
mac80211 mac80211: fix offchannel TX cookie matching 2011-11-11 09:35:51 -08:00
netfilter IPVS: Free resources on module removal 2011-08-15 18:31:37 -07:00
netlabel Remove prefetch() from <linux/skbuff.h> and "netlabel_addrlist.h" 2011-05-22 21:43:41 -07:00
netlink net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
netrom NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
packet make PACKET_STATISTICS getsockopt report consistently between ring and non-ring 2011-11-11 09:36:29 -08:00
phonet net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
rds RDMA/cma: Pass QP type into rdma_create_id() 2011-05-25 13:46:23 -07:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
rxrpc rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport() 2011-05-19 18:51:50 -04:00
sched net_sched: prio: use qdisc_dequeue_peeked 2011-10-03 11:40:53 -07:00
sctp net: sctp: fix checksum marking for outgoing packets 2011-07-14 15:16:31 -07:00
sunrpc NFS/sunrpc: don't use a credential with extra groups. 2011-11-11 09:37:07 -08:00
tipc tipc: Revise timings used when sending link request messages 2011-05-10 16:04:02 -04:00
unix net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
wanrouter Fix common misspellings 2011-03-31 11:26:23 -03:00
wimax
wireless cfg80211: Fix validation of AKM suites 2011-10-03 11:41:10 -07:00
x25 x25: Prevent skb overreads when checking call user data 2011-10-25 07:10:17 +02:00
xfrm xfrm: Perform a replay check after return from async codepaths 2011-10-03 11:40:55 -07:00
compat.c net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
Kconfig bpf: depends on MODULES 2011-04-29 10:20:53 -07:00
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c
socket.c sendmmsg/sendmsg: fix unsafe user pointer access 2011-10-03 11:39:54 -07:00
sysctl_net.c
TUNABLE