From: Vivek Goyal <vgoyal@redhat.com>
To: linux-fsdevel@vger.kernel.org, miklos@szeredi.hu
Cc: virtio-fs@redhat.com, vgoyal@redhat.com
Subject: [Virtio-fs] [PATCH v3 3/6] fuse: setattr should set FATTR_KILL_PRIV upon size change
Date: Fri, 9 Oct 2020 14:15:09 -0400
Message-ID: <20201009181512.65496-4-vgoyal@redhat.com>
In-Reply-To: <20201009181512.65496-1-vgoyal@redhat.com>
If fc->handle_killpriv_v2 is enabled, we expect file server to clear
suid/sgid/security.capability upon chown/truncate/write as appropriate.
Upon truncate (ATTR_SIZE), suid/sgid is cleared only if caller does
not have CAP_FSETID. File server does not know whether caller has
CAP_FSETID or not. Hence set FATTR_KILL_PRIV upon truncate to let
file server know that caller does not have CAP_FSETID and it should
kill suid/sgid as appropriate.
We don't have to send this information for chown (ATTR_UID/ATTR_GID)
as that always clears suid/sgid irrespective of capabilities of
calling process.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
fs/fuse/dir.c | 2 ++
include/uapi/linux/fuse.h | 1 +
2 files changed, 3 insertions(+)
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index c4a01290aec6..ecdb7895c156 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1575,6 +1575,8 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
/* For mandatory locking in truncate */
inarg.valid |= FATTR_LOCKOWNER;
inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
+ if (fc->handle_killpriv_v2 && !capable(CAP_FSETID))
+ inarg.valid |= FATTR_KILL_PRIV;
}
fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
err = fuse_simple_request(fc, &args);
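Review bot: the new check at the end of the truncate block sets FATTR_KILL_PRIV without a comment, and the flag name promises more than the commit message describes. The message says the flag tells the server that the caller lacks CAP_FSETID so suid/sgid should be killed, while security.capability is expected to be cleared on truncate as well; a server author reading only "inarg.valid |= FATTR_KILL_PRIV;" could conclude that an absent flag means security.capability must be preserved too. Suggest a short comment above the "if" stating that the flag only governs suid/sgid on a size change and that the check is made here because the server cannot see the caller's capabilities, and consider a flag name that says suid/sgid rather than priv.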
diff --git a/include/uapi/linux/fuse.h b/include/uapi/linux/fuse.h
index 3ae3f222a0ed..7b8da0a2de0d 100644
--- a/include/uapi/linux/fuse.h
+++ b/include/uapi/linux/fuse.h
@@ -269,6 +269,7 @@ struct fuse_file_lock {
#define FATTR_MTIME_NOW (1 << 8)
#define FATTR_LOCKOWNER (1 << 9)
#define FATTR_CTIME (1 << 10)
+#define FATTR_KILL_PRIV (1 << 14) /* Matches ATTR_KILL_PRIV */
/**
* Flags returned by the OPEN request
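Review bot: FATTR_KILL_PRIV is placed at (1 << 14), leaving bits 11 to 13 unused after FATTR_CTIME at (1 << 10), and the only justification is the trailing comment "Matches ATTR_KILL_PRIV". These FATTR_* values are protocol ABI seen by the file server, and the fs/fuse/dir.c hunk in this patch ORs the flag into inarg.valid explicitly, so nothing visible here depends on the two values being equal. Suggest either taking the next free bit or adding a comment that reserves bits 11 to 13, and documenting next to the define that the flag is only sent when handle_killpriv_v2 is enabled and only on a size change.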
--
2.25.4