Bug 13375 - SMB1 UNIX extensions change wrong field in fchown.
Summary: SMB1 UNIX extensions change wrong field in fchown.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-04-09 16:32 UTC by Jeremy Allison
Modified: 2018-04-12 06:55 UTC (History)
1 user (show)

See Also:


Attachments
git-am fix for 4.7.next, 4.8.next. (1.40 KB, patch)
2018-04-09 22:59 UTC, Jeremy Allison
ddiss: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2018-04-09 16:32:01 UTC
Cut-and-paste error means fchown call attempts to change uid when it should be changing gid. Not a security issue due to this being restricted to what the current user can change without elevated privileges.

Noticed by "Rungta, Vandana" <vrungta@amazon.com>.

Patch to follow.
Comment 1 Jeremy Allison 2018-04-09 22:59:55 UTC
Created attachment 14116 [details]
git-am fix for 4.7.next, 4.8.next.

Cherry-picked from master. Applies cleanly to both branches.
Comment 2 David Disseldorp 2018-04-10 09:06:49 UTC
@Karo: Please apply for 4.7.next and 4.8.next .

I'd like to get this into 4.6 too, but given that it's not strictly a sec fix I guess we'll have to carry it downstream.
Comment 3 Karolin Seeger 2018-04-10 09:48:52 UTC
(In reply to David Disseldorp from comment #2)
@David, there will be a last bugfix release for 4.6 tomorrow.
Comment 4 David Disseldorp 2018-04-10 10:00:48 UTC
(In reply to Karolin Seeger from comment #3)

@Karo: in that case, could you please apply the same patch to 4.6.next - I've reviewed and build-tested it against v4-6-test.
Comment 5 Karolin Seeger 2018-04-10 19:13:20 UTC
(In reply to David Disseldorp from comment #4)
Sure, thanks! :-)

Pushed to autobuild-v4-[8,7,6]-test.
Comment 6 Karolin Seeger 2018-04-12 06:55:48 UTC
(In reply to Karolin Seeger from comment #5)
Pushed to all branches.
Closing out bug report.

Thanks!