Re: [PATCH v2] NFSD: Don't clear SUID/SGID after root writing data

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kinglong Mee <kinglongmee@gmail.com>
To: Christoph Hellwig <hch@infradead.org>,
	"J. Bruce Fields" <bfields@fieldses.org>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH v2] NFSD: Don't clear SUID/SGID after root writing data
Date: Fri, 16 May 2014 15:31:09 +0800	[thread overview]
Message-ID: <5375BEBD.50805@gmail.com> (raw)
In-Reply-To: <20140510051017.GA23444@infradead.org>


On 5/10/2014 13:10, Christoph Hellwig wrote:
> On Fri, May 09, 2014 at 05:40:57PM -0400, J. Bruce Fields wrote:
>> On Fri, May 09, 2014 at 03:55:03PM +0800, Kinglong Mee wrote:
>>> On 5/9/2014 00:12, J. Bruce Fields wrote:
>>>> I'd like to apply this if only to remove the redundant code.
>>>>
>>>> I'd like to understand, though, whether this is something that caused an
>>>> actual practical problem for someone, or if you just happened to notice
>>>> the inconsistency between nfs and ext4 behavior?
>>>
>>> I test it with ext2,ext3,btrfs,xfs.
>>> Test result is same as ext4.
>>> So, we needs remove the redundant killing of suid/sgid.
>>
>> Understood that this would make the behavior consistent with
>> filesystems.  But, you don't know of any cases of the current behavior
>> is actually causing a problem for anyone? 
> 
> I thin this also is the root cause for xfstests generic/193 failing on
> NFS, but I haven't verified it yet.

xfstests generic/193 only tests non-root user truncating file
with root setting SGID/SUID mode. generic/193 will not fail.

236 _create_files
237 # Now test out the clear of suid/sgid for truncate
238 #
239 echo "check that suid/sgid bits are cleared after successful truncate..."
240
241 echo "with no exec perm"
242 echo frobnozzle >> $test_user
243 chmod ug+s $test_user
244 echo -n "before: "; stat -c '%A' $test_user
245 su ${qa_user} -c "echo > $test_user"
246 echo -n "after:  "; stat -c '%A' $test_user
247
248 echo "with user exec perm"
249 echo frobnozzle >> $test_user
250 chmod ug+s $test_user
251 chmod u+x $test_user
252 echo -n "before: "; stat -c '%A' $test_user
253 su ${qa_user} -c "echo > $test_user"
254 echo -n "after:  "; stat -c '%A' $test_user
255
256 echo "with group exec perm"
257 echo frobnozzle >> $test_user
258 chmod ug+s $test_user
259 chmod g+x $test_user
260 chmod u-x $test_user
261 echo -n "before: "; stat -c '%A' $test_user
262 su ${qa_user} -c "echo > $test_user"
263 echo -n "after:  "; stat -c '%A' $test_user
264
265 echo "with user+group exec perm"
266 echo frobnozzle >> $test_user
267 chmod ug+s $test_user
268 chmod ug+x $test_user
269 echo -n "before: "; stat -c '%A' $test_user
270 su ${qa_user} -c "echo > $test_user"
271 echo -n "after:  "; stat -c '%A' $test_user

thanks,
Kinglong Mee

next prev parent reply	other threads:[~2014-05-16  7:31 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-13 15:11 [PATCH] NFSD: Checking whether kill_suid by should_remove_suid() Kinglong Mee
2014-04-18 13:02 ` J. Bruce Fields
2014-04-18 13:51   ` Kinglong Mee
2014-04-18 16:17     ` [PATCH v2] NFSD: Don't clear SUID/SGID after root writing data Kinglong Mee
2014-05-08 16:12       ` J. Bruce Fields
2014-05-09  7:55         ` Kinglong Mee
2014-05-09 21:40           ` J. Bruce Fields
2014-05-10  5:10             ` Christoph Hellwig
2014-05-16  7:31               ` Kinglong Mee [this message]
2014-05-16 15:12                 ` Christoph Hellwig
2014-04-18 16:25   ` [PATCH] NFSD: Checking whether kill_suid by should_remove_suid() Kinglong Mee

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5375BEBD.50805@gmail.com \
    --to=kinglongmee@gmail.com \
    --cc=bfields@fieldses.org \
    --cc=hch@infradead.org \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.