Description of problem: Originally from Mark Fasheh <mark.fasheh> generic_file_splice_write() does not remove S_ISUID or S_ISGID. This is inconsistent with the way we generally write to files. Proposed upstream patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8c34e2d63231d4bf4852bac8521883944d770fe3
This requires should_remove_suid(), and __remove_suid() from bug #463661.
This bug has similar consequences as CVE-2008-4210.
Reference: http://article.gmane.org/gmane.comp.security.oss.general/1008
This issue has been addressed in following products: Red Hat Linux Enterprise 5 Red Hat Linux Enterprise 5.2.z Via RHSA-2008:0957 available at https://rhn.redhat.com/errata/RHSA-2008-0957.html