Commit 2787db9e authored by Miklos Szeredi, committed by Ben Hutchings

fuse: fix killing s[ug]id in setattr

commit a09f99ed upstream.

Fuse allowed VFS to set mode in setattr in order to clear suid/sgid on
chown and truncate, and (since writeback_cache) write.  The problem with
this is that it'll potentially restore a stale mode.

The proper fix would be to let the filesystems do the suid/sgid clearing on
the relevant operations.  Possibly some are already doing it but there's no
way we can detect this.

So fix this by refreshing and recalculating the mode.  Do this only if
ATTR_KILL_S[UG]ID is set to not destroy performance for writes.  This is
still racy but the size of the window is reduced.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
parent 03f23d54
...@@ -1822,16 +1822,40 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, ...@@ -1822,16 +1822,40 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
static int fuse_setattr(struct dentry *entry, struct iattr *attr) static int fuse_setattr(struct dentry *entry, struct iattr *attr)
{ {
struct inode *inode = entry->d_inode; struct inode *inode = entry->d_inode;
struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
int ret; int ret;
if (!fuse_allow_current_process(get_fuse_conn(inode))) if (!fuse_allow_current_process(get_fuse_conn(inode)))
return -EACCES; return -EACCES;
if (attr->ia_valid & ATTR_FILE) if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
ret = fuse_do_setattr(entry, attr, attr->ia_file); int kill;
else
ret = fuse_do_setattr(entry, attr, NULL); attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
ATTR_MODE);
/*
* ia_mode calculation may have used stale i_mode. Refresh and
* recalculate.
*/
ret = fuse_do_getattr(inode, NULL, file);
if (ret)
return ret;
attr->ia_mode = inode->i_mode;
kill = should_remove_suid(entry);
if (kill & ATTR_KILL_SUID) {
attr->ia_valid |= ATTR_MODE;
attr->ia_mode &= ~S_ISUID;
}
if (kill & ATTR_KILL_SGID) {
attr->ia_valid |= ATTR_MODE;
attr->ia_mode &= ~S_ISGID;
}
}
if (!attr->ia_valid)
return 0;
ret = fuse_do_setattr(entry, attr, file);
if (!ret) { if (!ret) {
/* Directory mode changed, may need to revalidate access */ /* Directory mode changed, may need to revalidate access */
if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE)) if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
......
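Review bot: In the ATTR_KILL_SUID/ATTR_KILL_SGID branch of fuse_setattr(), ATTR_MODE is cleared from attr->ia_valid and attr->ia_mode is overwritten with inode->i_mode, so a mode the caller passed together with a kill flag would be silently dropped. If that combination cannot reach this function, state it in the comment above the fuse_do_getattr() call. That comment could also record that the mode can still change between fuse_do_getattr() and fuse_do_setattr(), which the commit message acknowledges ("still racy") but the code does not.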