Description of problem:
We should be checking for the ownership of the file for which flags are being set, rather than just for write access.

Upstream commit:
http://git.kernel.org/linus/7df0e0397b9a18358573274db9fdab991941062f

Acknowledgements:
Red Hat would like to thank Dan Rosenberg for responsibly reporting this issue.

Statement:
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-1641. This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the GFS2 file system. A future kernel update in Red Hat Enterprise Linux 5 will address this issue.

http://www.linux-archive.org/cluster-development/375481-gfs2-fix-permissions-checking-setflags-ioctl.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2010:0504 https://rhn.redhat.com/errata/RHSA-2010-0504.html
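
The difference between the two checks named in the description, as an added userspace model that is not the GFS2 or upstream kernel code. The struct and function names are hypothetical, the sample callers and files are constructed, and treating CAP_FOWNER as an override of the ownership test is an assumption based on how Linux ownership checks generally behave.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical stand-ins for the caller's credentials and the inode fields. */
struct caller { uid_t fsuid; gid_t fsgid; bool cap_fowner; };
struct file_meta { uid_t uid; gid_t gid; mode_t mode; };

/* Plain mode-bit write check (capability overrides such as
 * CAP_DAC_OVERRIDE are deliberately left out of this model). */
static bool may_write(const struct caller *c, const struct file_meta *f)
{
    if (c->fsuid == f->uid) return (f->mode & S_IWUSR) != 0;
    if (c->fsgid == f->gid) return (f->mode & S_IWGRP) != 0;
    return (f->mode & S_IWOTH) != 0;
}

/* Ownership test: the caller owns the file, or holds CAP_FOWNER (assumption). */
static bool owner_or_cap(const struct caller *c, const struct file_meta *f)
{
    return c->fsuid == f->uid || c->cap_fowner;
}

/* Behaviour the description reports: write access alone gates flag changes. */
static bool setflags_write_only(const struct caller *c, const struct file_meta *f)
{
    return may_write(c, f);
}

/* Behaviour the description asks for: ownership gates flag changes. */
static bool setflags_owner_checked(const struct caller *c, const struct file_meta *f)
{
    return owner_or_cap(c, f);
}

int main(void)
{
    /* Constructed sample: uid 1000 acting on a root-owned, world-writable file. */
    struct caller user = { 1000, 1000, false };
    struct file_meta shared = { 0, 0, 0666 };

    printf("write-only check: %s\n", setflags_write_only(&user, &shared) ? "allowed" : "denied");
    printf("ownership check:  %s\n", setflags_owner_checked(&user, &shared) ? "allowed" : "denied");
    return 0;
}
```

A world-writable or group-writable file owned by someone else is the case where the two policies disagree, which makes it the case to cover when testing a kernel for this fix.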