| commit | 72b8e98252b0231868f04d40456459057126980c | |
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | |
| Mon, 5 Sep 2022 02:53:26 +0000 (5 14:53 +1200) | ||
| committer | Andrew Bartlett <abartlet@samba.org> | |
| Fri, 16 Sep 2022 02:32:36 +0000 (16 02:32 +0000) | ||
| tree | 5c64a8d15e2acdccbb7e928d0a2087b52cf0345d | treesnapshot (tar.gz zip) |
| parent | 6dc6ca56bd517a5cba85bb4ec120fcfb5feadfb8 | commitdiff |
CVE-2020-25720 s4:ntvfs: Use se_file_access_check() to check file access rights
se_access_check() will be changed in a following commit to remove the
implicit WRITE_DAC right that comes with being the owner of an object.
We want to keep this implicit right for file access, and by using
se_file_access_check() we can preserve the existing behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
se_access_check() will be changed in a following commit to remove the
implicit WRITE_DAC right that comes with being the owner of an object.
We want to keep this implicit right for file access, and by using
se_file_access_check() we can preserve the existing behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| source4/ntvfs/posix/pvfs_acl.c | diffblobblamehistory |