Source: linux
Version: 4.7.8-1
Severity: important
Tags: patch security upstream fixed-upstream
Control: found -1 3.16.39-1
Control: found -1 3.2.84-1
Control: fixed -1 4.12.6-1
Control: fixed -1 4.13~rc5-1~exp1
# tagged security since introduced by a previous security fix, and
# might have some security implications.

Opening a bug for tracking status:

The fix for CVE-2016-7097 introduced a regression, where the sgid bit
might be cleared under some circumstances:

> When new directory 'DIR1' is created in a directory 'DIR0' with SGID
> bit set, DIR1 is expected to have SGID bit set (and owning group
> equal to the owning group of 'DIR0'). However when 'DIR0' also has
> some default ACLs that 'DIR1' inherits, setting these ACLs will
> result in SGID bit on 'DIR1' to get cleared if user is not member of
> the owning group.

Fixes:

a3bb2d558752 ext4: Don't clear SGID when inheriting ACLs
9bcf66c72d72 jfs: Don't clear SGID when inheriting ACLs
84969465ddc4 hfsplus: Don't clear SGID when inheriting ACLs
a992f2d38e4c ext2: Don't clear SGID when inheriting ACLs
6883cd7f6824 reiserfs: Don't clear SGID when inheriting ACLs
c925dc162f77 f2fs: Don't clear SGID when inheriting ACLs
b7f8a09f8097 btrfs: Don't clear SGID when inheriting ACLs
8ba358756aa0 xfs: Don't clear SGID when inheriting ACLs

Regards,
Salvatore
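A regression check for the behaviour described in the quoted text, added here as an example and not part of the bug report or the upstream patches. The USER and GROUP arguments are assumptions: an existing account that is not a member of an existing group; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the bug report or the kernel tree.
# Usage (as root): ./check-sgid.sh USER GROUP
# Assumption: USER exists and is NOT a member of GROUP.

# sgid_inherited PARENT CHILD
# Returns 0 when CHILD carries the SGID bit and the owning group of PARENT.
sgid_inherited() {
    parent_gid=$(stat -c %g "$1") || return 2
    child_gid=$(stat -c %g "$2") || return 2
    child_mode=$(stat -c %a "$2") || return 2
    # %a prints the mode in octal; the leading 0 keeps the arithmetic octal.
    [ $(( 0$child_mode & 02000 )) -ne 0 ] && [ "$parent_gid" = "$child_gid" ]
}

# check_regression USER GROUP  (needs root, setfacl and runuser)
# Builds DIR0 (SGID + default ACL), lets USER create DIR1, checks the result.
check_regression() {
    user=$1
    group=$2
    work=$(mktemp -d) || return 2
    chmod 755 "$work"                  # USER must be able to reach DIR0
    dir0=$work/DIR0
    mkdir "$dir0" && chgrp "$group" "$dir0" && chmod 2775 "$dir0" || return 2
    # The named-user entry gives USER write access to DIR0 and makes the
    # default ACL non-trivial, so DIR1 really inherits an ACL.
    setfacl -m "u:$user:rwx,d:u:$user:rwx" "$dir0" || return 2
    runuser -u "$user" -- mkdir "$dir0/DIR1" || return 2
    rc=0
    sgid_inherited "$dir0" "$dir0/DIR1" || rc=$?
    rm -rf "$work"
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 2; }
    if check_regression "$1" "$2"; then
        echo "OK: DIR1 kept SGID and the owning group of DIR0"
    else
        echo "NOT OK: SGID or group not inherited (or setup failed)"
    fi
fi
```

`mktemp -d` honours `TMPDIR`, so point it at a directory on the filesystem being checked (one of those listed under "Fixes:").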