Vigil@nce: Linux kernel, ACL change on btrfs
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
On a btrfs filesystem, a local attacker can change ACLs of a file
belonging to another user.
– Severity: 1/4
– Creation date: 14/06/2010
DESCRIPTION OF THE VULNERABILITY
The btrfs filesystem is supported since Linux kernel version
2.6.29.
The setfacl command is used to define ACLs on a file. The
btrfs_xattr_set_acl() function of the fs/btrfs/acl.c file
implements the system call on btrfs. However, this function does
not check if the user owns the file.
On a btrfs filesystem, a local attacker can therefore change ACLs
of a file belonging to another user.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-ACL-change-on-btrfs-9707