From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: virtio-fs@redhat.com
Subject: Re: [Virtio-fs] [PATCH 0/4] Drop CAP_FSETID if client needs to kill setuid/setgid bits
Date: Wed, 14 Aug 2019 10:55:05 +0100
Message-ID: <20190814095505.GE2920@work-vm>
In-Reply-To: <20190813192944.26009-1-vgoyal@redhat.com>
* Vivek Goyal (vgoyal@redhat.com) wrote:
> If a file has setuid/setuid bit set and a writer writes to file without
> having CAP_FSETID capability, kernel clears setuid/setgid bit on file.
>
> pjdfstest test chmod/12.t tests for this. With moving to 5.3 kernel and
> cache=none this test fails.
>
> Now Miklos has introduced a commit where if client thinks that
> setuid/setgid bit should be cleared, it sets FUSE_KILL_PRIV flag
> in fuse_write_in->write_flags. This is an indication to daemon to
> clear setuid/setgid bit atomically.
>
> So drop CAP_FSETID capability and then proceed with write and that
> should automatically clear setuid bit.
1,2,3 added to my world.
4 still to be discussed
> Vivek Goyal (4):
> virtiofsd: Fix number of padding bits in fuse_file_info
> virtiofsd: Use macros for write_flag parsing
> virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV
> virtiofsd: Drop CAP_FSETID if client asked for it
>
> contrib/virtiofsd/Makefile.objs | 2 +
> contrib/virtiofsd/fuse_common.h | 5 +-
> contrib/virtiofsd/fuse_kernel.h | 1 +
> contrib/virtiofsd/fuse_lowlevel.c | 6 +-
> contrib/virtiofsd/passthrough_ll.c | 127 +++++++++++++++++++++++++++++
> contrib/virtiofsd/seccomp.c | 2 +
> 6 files changed, 140 insertions(+), 3 deletions(-)
>
> --
> 2.17.2
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
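
The mechanism described in the quoted cover letter, as an added example that is not code from this thread or from virtiofsd: the calling thread removes CAP_FSETID from its effective set, writes, and the kernel clears the setuid bit. The names `write_kill_priv` and `demo_setuid_cleared` and the temporary file are hypothetical; Linux and a writable /tmp are assumed.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: pwrite() with CAP_FSETID removed from this thread's
 * effective set while kill_priv is non-zero; the set is restored afterwards. */
static ssize_t write_kill_priv(int fd, const void *buf, size_t len, off_t off,
                               int kill_priv)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct cur[2], tmp[2];
    int dropped = 0;
    if (kill_priv) {
        if (syscall(SYS_capget, &hdr, cur) < 0)
            return -1;
        /* An unprivileged caller does not hold the capability: nothing to drop. */
        if (cur[0].effective & (1u << CAP_FSETID)) {
            tmp[0] = cur[0];
            tmp[1] = cur[1];
            tmp[0].effective &= ~(1u << CAP_FSETID);
            if (syscall(SYS_capset, &hdr, tmp) < 0)
                return -1;
            dropped = 1;
        }
    }
    ssize_t n = pwrite(fd, buf, len, off);
    /* Continuing with a reduced capability set would be a silent state change. */
    if (dropped && syscall(SYS_capset, &hdr, cur) < 0)
        abort();
    return n;
}

/* Constructed check: 1 if the setuid bit is gone after the write, 0 if it
 * survived, -1 on setup failure. */
static int demo_setuid_cleared(void)
{
    char path[] = "/tmp/killpriv-XXXXXX";
    struct stat st;
    int ok, fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);
    ok = fchmod(fd, 04755) == 0 && write_kill_priv(fd, "x", 1, 0, 1) == 1 &&
         fstat(fd, &st) == 0;
    close(fd);
    return ok ? !(st.st_mode & S_ISUID) : -1;
}
int main(void) { return demo_setuid_cleared() == 1 ? 0 : 1; }
```

Capabilities are per thread on Linux, so the drop and restore affect only the thread servicing the write.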