Skip to content

Commit

Permalink
syscall: check correct group in Faccessat
Browse files Browse the repository at this point in the history
# AWS EKS
Backported To: go-1.15.15-eks
Backported On: Thu, 22 Sept 2022
Backported By: [email protected]
Backported From: release-branch.go1.17
EKS Patch Source Commit: danbudris@a4d1586
Upstream Source Commit: golang@04781d1
Fixes: CVE-2022-29526

# Original Information

The Faccessat call checks the user, group, or other permission bits of a
file to see if the calling process can access it. The test to see if the
group permissions should be used was made with the wrong group id, using
the process's group id rather than the file's group id. Fix this to use
the correct group id.

No test since we cannot easily change file permissions when not running
as root and the test is meaningless if running as root.

For golang#52313
Fixes golang#52439

Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee
Reviewed-on: https://go-review.googlesource.com/c/go/+/399539
Reviewed-by: Ian Lance Taylor <[email protected]>
Run-TryBot: Ian Lance Taylor <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
(cherry picked from commit f66925e)
Reviewed-on: https://go-review.googlesource.com/c/go/+/401078
Auto-Submit: Tatiana Bradley <[email protected]>
Run-TryBot: Tatiana Bradley <[email protected]>
Run-TryBot: Damien Neil <[email protected]>
Auto-Submit: Damien Neil <[email protected]>
Reviewed-by: Tatiana Bradley <[email protected]>
  • Loading branch information
neild authored and rcrozean committed Oct 5, 2022
1 parent e389ea3 commit 285b160
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/syscall/syscall_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
gid = Getgid()
}

if uint32(gid) == st.Gid || isGroupMember(gid) {
if uint32(gid) == st.Gid || isGroupMember(int(st.Gid)) {
fmode = (st.Mode >> 3) & 7
} else {
fmode = st.Mode & 7
Expand Down

0 comments on commit 285b160

Please sign in to comment.