Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's NFSv4 file creation process has been identified, where Access Control Lists (ACLs) are not properly set. When an NFSv4 client specifies an ACL with a named principal during file creation, the ACL retrieved later is only a default one, based on the mode bits, rather than the one originally requested. This issue, which violates RFC 8881 section 6.4.1.3, arises because the function that validates attributes before setting them only checks certain changes and security labels, but not POSIX ACLs. As a result, when only an ACL is present, the necessary function to apply it is bypassed, leading to the omission of the specified ACL on the inode. Consequently, when the ACL is retrieved, the server generates a default one from the file's mode bits instead of returning the originally specified ACL.
This vulnerability can lead to incorrect ACL management in NFSv4, causing specified ACLs to be replaced with default ones based on file mode bits, which may not reflect the intended permissions.
To reproduce this vulnerability, an NFSv4 client must be used to create a file while specifying an ACL that includes a named principal. After the file is created, the ACL should be retrieved. The retrieved ACL will only reflect the default settings based on the file's mode bits, not the ACL that was originally set during creation. This can be verified by checking the ACL attributes of the file against what was intended to be applied during the creation process.
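The comparison step described above can be scripted. The following is an added example, not part of the advisory or the kernel source. It assumes both ACLs are available as text in the `type:flags:principal:permissions` form printed by `nfs4_getfacl`; the sample ACLs and the principal `alice@example.com` are constructed.

```python
# Added example: the sample ACLs below are constructed, not captured from a server.
SPECIAL_WHO = {"OWNER@", "GROUP@", "EVERYONE@"}  # only principals in a mode-derived ACL

def parse_aces(text):
    """Parse ACE lines of the form type:flags:principal:permissions."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and "# file:" headers
            continue
        try:
            ace_type, flags, rest = line.split(":", 2)
            who, perms = rest.rsplit(":", 1)
        except ValueError:
            raise ValueError(f"malformed ACE line: {line!r}")
        aces.append((ace_type, flags, who, perms))
    return aces

def named_principals(aces):
    """Return every principal that is not one of the special identifiers."""
    return {who for _, _, who, _ in aces if who not in SPECIAL_WHO}

def check_created_acl(requested_text, retrieved_text):
    """Compare principals only: a server may rewrite permission bits when it
    maps the NFSv4 ACL to a POSIX ACL, so exact string equality is too strict."""
    wanted = named_principals(parse_aces(requested_text))
    got = named_principals(parse_aces(retrieved_text))
    missing = wanted - got
    if not missing:
        return "preserved", missing
    if not got:
        return "mode-derived default", missing  # the symptom this advisory describes
    return "partially applied", missing

REQUESTED = """A::OWNER@:rwatTcCy
A::alice@example.com:rwatcy
A:g:GROUP@:rtcy
A::EVERYONE@:rtcy"""

RETRIEVED_AFFECTED = """# file: /mnt/export/newfile
A::OWNER@:rwatTcCy
A:g:GROUP@:rtcy
A::EVERYONE@:rtcy"""

RETRIEVED_FIXED = REQUESTED

if __name__ == "__main__":
    print(check_created_acl(REQUESTED, RETRIEVED_AFFECTED))
    print(check_created_acl(REQUESTED, RETRIEVED_FIXED))
```

A result of `mode-derived default` with a non-empty set of missing principals matches the behaviour described here; `preserved` is what a fixed server should return.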
Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the Linux kernel can be found in the official Linux documentation or through the package management system of the respective Linux distribution.