diff options
| author | Jeremy Allison <jra@samba.org> | 2016-01-05 10:52:50 -0800 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2016-02-24 11:40:00 +0100 |
| commit | 774e210f891023bbd76aba14545b0e5eb0cc1512 (patch) | |
| tree | 32228ee51bdad44ccd77c4f8acf35bdd83c7e42b | |
| parent | fa1c482083cc1b0f124490bd40ad79dd7e94de2c (diff) | |
| download | samba-774e210f891023bbd76aba14545b0e5eb0cc1512.tar.gz | |
CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
| -rw-r--r-- | source3/smbd/nttrans.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index f812e853d49..923373873a6 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -875,6 +875,12 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd, return NT_STATUS_OK; } + if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) { + DEBUG(10, ("ACL set on symlink %s denied.\n", + fsp_str_dbg(fsp))); + return NT_STATUS_ACCESS_DENIED; + } + if (psd->owner_sid == NULL) { security_info_sent &= ~SECINFO_OWNER; } |