syscall: Faccessat checks wrong group [1.17 backport] #52439
Labels
CherryPickApproved
Used during the release process for point releases
FrozenDueToAge
release-blocker
Security
Milestone
Comments
gopherbot
added
the
CherryPickCandidate
|
Change https://go.dev/cl/401078 mentions this issue: |
heschi
added
the
CherryPickApproved
gopherbot
removed
the
CherryPickCandidate
gopherbot
pushed a commit
that referenced
this issue
May 9, 2022
The Faccessat call checks the user, group, or other permission bits of a file to see if the calling process can access it. The test to see if the group permissions should be used was made with the wrong group id, using the process's group id rather than the file's group id. Fix this to use the correct group id. No test since we cannot easily change file permissions when not running as root and the test is meaningless if running as root. For #52313 Fixes #52439 Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee Reviewed-on: https://go-review.googlesource.com/c/go/+/399539 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit f66925e) Reviewed-on: https://go-review.googlesource.com/c/go/+/401078 Auto-Submit: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org>
|
Closed by merging 04781d1 to release-branch.go1.17. |
danbudris
pushed a commit
to danbudris/go
that referenced
this issue
Sep 9, 2022
The Faccessat call checks the user, group, or other permission bits of a file to see if the calling process can access it. The test to see if the group permissions should be used was made with the wrong group id, using the process's group id rather than the file's group id. Fix this to use the correct group id. No test since we cannot easily change file permissions when not running as root and the test is meaningless if running as root. For golang#52313 Fixes golang#52439 Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee Reviewed-on: https://go-review.googlesource.com/c/go/+/399539 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit f66925e) Reviewed-on: https://go-review.googlesource.com/c/go/+/401078 Auto-Submit: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org>
danbudris
pushed a commit
to danbudris/go
that referenced
this issue
Sep 9, 2022
The Faccessat call checks the user, group, or other permission bits of a file to see if the calling process can access it. The test to see if the group permissions should be used was made with the wrong group id, using the process's group id rather than the file's group id. Fix this to use the correct group id. No test since we cannot easily change file permissions when not running as root and the test is meaningless if running as root. For golang#52313 Fixes golang#52439 Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee Reviewed-on: https://go-review.googlesource.com/c/go/+/399539 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit f66925e) Reviewed-on: https://go-review.googlesource.com/c/go/+/401078 Auto-Submit: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org>
danbudris
pushed a commit
to danbudris/go
that referenced
this issue
Sep 12, 2022
The Faccessat call checks the user, group, or other permission bits of a file to see if the calling process can access it. The test to see if the group permissions should be used was made with the wrong group id, using the process's group id rather than the file's group id. Fix this to use the correct group id. No test since we cannot easily change file permissions when not running as root and the test is meaningless if running as root. For golang#52313 Fixes golang#52439 Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee Reviewed-on: https://go-review.googlesource.com/c/go/+/399539 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit f66925e) Reviewed-on: https://go-review.googlesource.com/c/go/+/401078 Auto-Submit: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org>
danbudris
pushed a commit
to danbudris/go
that referenced
this issue
Sep 14, 2022
The Faccessat call checks the user, group, or other permission bits of a file to see if the calling process can access it. The test to see if the group permissions should be used was made with the wrong group id, using the process's group id rather than the file's group id. Fix this to use the correct group id. No test since we cannot easily change file permissions when not running as root and the test is meaningless if running as root. For golang#52313 Fixes golang#52439 Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee Reviewed-on: https://go-review.googlesource.com/c/go/+/399539 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit f66925e) Reviewed-on: https://go-review.googlesource.com/c/go/+/401078 Auto-Submit: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org>
rcrozean
pushed a commit
to rcrozean/go
that referenced
this issue
Oct 5, 2022
# AWS EKS Backported To: go-1.15.15-eks Backported On: Thu, 22 Sept 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.17 EKS Patch Source Commit: danbudris@a4d1586 Upstream Source Commit: golang@04781d1 Fixes: CVE-2022-29526 # Original Information The Faccessat call checks the user, group, or other permission bits of a file to see if the calling process can access it. The test to see if the group permissions should be used was made with the wrong group id, using the process's group id rather than the file's group id. Fix this to use the correct group id. No test since we cannot easily change file permissions when not running as root and the test is meaningless if running as root. For golang#52313 Fixes golang#52439 Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee Reviewed-on: https://go-review.googlesource.com/c/go/+/399539 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit f66925e) Reviewed-on: https://go-review.googlesource.com/c/go/+/401078 Auto-Submit: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org>
rcrozean
pushed a commit
to rcrozean/go
that referenced
this issue
Oct 12, 2022
# AWS EKS Backported To: go-1.15.15-eks Backported On: Thu, 22 Sept 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.17 EKS Patch Source Commit: danbudris@a4d1586 Upstream Source Commit: golang@04781d1 Fixes: CVE-2022-29526 # Original Information The Faccessat call checks the user, group, or other permission bits of a file to see if the calling process can access it. The test to see if the group permissions should be used was made with the wrong group id, using the process's group id rather than the file's group id. Fix this to use the correct group id. No test since we cannot easily change file permissions when not running as root and the test is meaningless if running as root. For golang#52313 Fixes golang#52439 Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee Reviewed-on: https://go-review.googlesource.com/c/go/+/399539 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit f66925e) Reviewed-on: https://go-review.googlesource.com/c/go/+/401078 Auto-Submit: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org>
rcrozean
pushed a commit
to rcrozean/go
that referenced
this issue
Oct 12, 2022
# AWS EKS Backported To: go-1.16.15-eks Backported On: Tue, 04 Oct 2022 Backported By: budris@amazon.com Backported From: release-branch.go1.17 EKS Patch Source Commit: danbudris@e13d51d Upstream Source Commit: golang@04781d1 # Original Information The Faccessat call checks the user, group, or other permission bits of a file to see if the calling process can access it. The test to see if the group permissions should be used was made with the wrong group id, using the process's group id rather than the file's group id. Fix this to use the correct group id. No test since we cannot easily change file permissions when not running as root and the test is meaningless if running as root. For golang#52313 Fixes golang#52439 Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee Reviewed-on: https://go-review.googlesource.com/c/go/+/399539 Reviewed-by: Ian Lance Taylor <iant@google.com> Run-TryBot: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit f66925e) Reviewed-on: https://go-review.googlesource.com/c/go/+/401078 Auto-Submit: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Damien Neil <dneil@google.com> Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
@neild requested issue #52313 to be considered for backport to the next 1.17 minor release.
The text was updated successfully, but these errors were encountered: