projects / freebsd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a5920d2) | patch
Fix ACL checks for NFS kernel server
authorRyan Moeller <freqlabs@FreeBSD.org>
Fri, 18 Mar 2022 12:47:57 +0000 (08:47 -0400)
committerGitHub <noreply@github.com>
Fri, 18 Mar 2022 12:47:57 +0000 (06:47 -0600)
commitd42979c6ef1ec10b041c3394d969643f8862f7c3
tree3b3614a9635ab5f8f3017afefdc8d36e28f44558tree | snapshot
parenta5920d24c04b64a96b4bd6be43a591a29f278b16commit | diff
Fix ACL checks for NFS kernel server

This PR changes ZFS ACL checks to evaluate
fsuid / fsgid rather than euid / egid to avoid
accidentally granting elevated permissions to
NFS clients.

Reviewed-by: Serapheim Dimitropoulos <serapheim@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Co-authored-by: Andrew Walker <awalker@ixsystems.com>
Signed-off-by: Ryan Moeller <freqlabs@FreeBSD.org>
Closes #13221
12 files changed:
include/os/freebsd/spl/sys/Makefile.am diff | blob | blame | history
include/os/freebsd/spl/sys/cred.h diff | blob | blame | history
include/os/freebsd/spl/sys/kidmap.h [deleted file] blob | blame | history
include/os/freebsd/spl/sys/sid.h diff | blob | blame | history
include/os/linux/spl/sys/cred.h diff | blob | blame | history
module/Makefile.bsd diff | blob | blame | history
module/os/freebsd/zfs/zfs_acl.c diff | blob | blame | history
module/os/freebsd/zfs/zfs_vnops_os.c diff | blob | blame | history
module/os/linux/spl/spl-cred.c diff | blob | blame | history
module/os/linux/zfs/policy.c diff | blob | blame | history
module/os/linux/zfs/zpl_inode.c diff | blob | blame | history
module/os/linux/zfs/zpl_xattr.c diff | blob | blame | history
FreeBSD Project Source