Linux Kernel NFS Delegated Timestamp Vulnerability Allowing Improper Permission Checks

A vulnerability in the Linux kernel's NFS implementation can lead to incorrect permission handling when delegated timestamps are enabled. This issue arises because the 'nfs_setattr' function fails to verify the inode's user ID against the caller's file system user ID, particularly when using the 'nobody' user ID. As a result, modifications to access and modification times may not be properly authorized, potentially allowing unauthorized changes to file metadata.

Impact

Exploitation of this vulnerability could result in unauthorized modifications to file access and modification timestamps, disrupting normal file management and potentially leading to further security issues.

Reproduction

The vulnerability can be reproduced by enabling delegated timestamps on an NFS share and then running specific LTP (Linux Test Project) tests that modify file timestamps using the 'nobody' user ID. This process involves exporting a directory with NFS, mounting it, and then executing the LTP tests that trigger the vulnerability.

Remediation

Users can apply the latest patches from the Linux kernel stable tree to address this vulnerability.