Bug 15120 - Fix check for chown when processing NFSv4 ACL
Summary: Fix check for chown when processing NFSv4 ACL
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules (show other bugs)
Version: 4.16.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-12 21:16 UTC by Christof Schmitt
Modified: 2022-07-18 11:19 UTC (History)
1 user (show)

See Also:


Attachments
patch for 4.16 (1.46 KB, patch)
2022-07-13 17:52 UTC, Christof Schmitt
vl: review+
Details
patch for 4.15 (1.46 KB, patch)
2022-07-13 18:00 UTC, Christof Schmitt
vl: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christof Schmitt 2022-07-12 21:16:32 UTC
Due to a bug in the NFSv4 ACL handling, a chown is always attempted,
even when the owner is not requested to be changed. After the chown
call, the ACL is set as root in the file system, potentially
circumventing additional restrictions the file system might put in
place for setting an ACL.
Comment 1 Samba QA Contact 2022-07-13 17:31:04 UTC
This bug was referenced in samba master:

a6ccceb97ebd43d453ae4f835927cbacde0fdcef
Comment 2 Christof Schmitt 2022-07-13 17:52:11 UTC
Created attachment 17418 [details]
patch for 4.16
Comment 3 Christof Schmitt 2022-07-13 18:00:03 UTC
Created attachment 17419 [details]
patch for 4.15
Comment 4 Jule Anger 2022-07-18 07:43:18 UTC
Pushed to autobuild-v4-{16,15}-test.
Comment 5 Samba QA Contact 2022-07-18 09:41:19 UTC
This bug was referenced in samba v4-16-test:

52ac4ce23268cd0975da55adb090248096b1cfc5
Comment 6 Samba QA Contact 2022-07-18 10:37:11 UTC
This bug was referenced in samba v4-15-test:

206c4f0094e11239903bf183ebd817443608a235
Comment 7 Jule Anger 2022-07-18 11:03:30 UTC
Closing out bug report.

Thanks!
Comment 8 Samba QA Contact 2022-07-18 11:19:38 UTC
This bug was referenced in samba v4-16-stable (Release samba-4.16.3):

52ac4ce23268cd0975da55adb090248096b1cfc5