| From 05eccdfa79ea5a8059ba79213ec0cb6ef771a3d9 Mon Sep 17 00:00:00 2001 |
| From: NeilBrown <neilb@suse.de> |
| Date: Tue, 25 Oct 2011 10:25:49 +1100 |
| Subject: [PATCH] NFS/sunrpc: don't use a credential with extra groups. |
| |
| commit dc6f55e9f8dac4b6479be67c5c9128ad37bb491f upstream. |
| |
| The sunrpc layer keeps a cache of recently used credentials and |
| 'unx_match' is used to find the credential which matches the current |
| process. |
| |
| However unx_match allows a match when the cached credential has extra |
| groups at the end of uc_gids list which are not in the process group list. |
| |
| So if a process with a list of (say) 4 groups accesses a file and gains |
| access because of the last group in the list, then another process |
| with the same uid and gid, and a gid list being the first three of the |
| gids of the original process tries to access the file, it will be |
| granted access even though it shouldn't as the wrong rpc credential |
| will be used. |
| |
| Signed-off-by: NeilBrown <neilb@suse.de> |
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| --- |
| net/sunrpc/auth_unix.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| diff --git a/net/sunrpc/auth_unix.c b/net/sunrpc/auth_unix.c |
| index aac2f8b..c16f25d 100644 |
| --- a/net/sunrpc/auth_unix.c |
| +++ b/net/sunrpc/auth_unix.c |
| @@ -130,6 +130,9 @@ unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int flags) |
| for (i = 0; i < groups ; i++) |
| if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i)) |
| return 0; |
| + if (groups < NFS_NGROUPS && |
| + cred->uc_gids[groups] != NOGROUP) |
| + return 0; |
| return 1; |
| } |
| |
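Review bot: The added test `cred->uc_gids[groups] != NOGROUP` depends on an invariant this hunk does not show: whatever fills `uc_gids` must write a `NOGROUP` terminator whenever it stores fewer than `NFS_NGROUPS` entries, and `groups` must already be clamped to `NFS_NGROUPS` so that the index stays inside the array. If the terminator were ever omitted, the test would read whatever the slot happens to hold, so the dependency deserves a comment directly above the check, for example `/* uc_gids is NOGROUP-terminated when short: reject a cached cred that carries more groups than the caller */`. Because this match decides which cached credential an RPC is sent with, it is also worth confirming that the credential-creation path and this function agree on the terminator. The body of `unx_match` begins before the hunk, so the clamping of `groups` is inferred rather than visible here.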
| -- |
| 1.7.12.rc1.1.gbce1580 |
| |