linux-fsdevel.vger.kernel.org archive mirror
* [PATCH 0/7] fix setuid/setgid clearing in networked filesystems (take 5)
@ 2007-09-04 14:36 Jeff Layton
  2007-09-09 14:18 ` Christoph Hellwig
  0 siblings, 1 reply; 2+ messages in thread
From: Jeff Layton @ 2007-09-04 14:36 UTC (permalink / raw)
  To: linux-kernel, linux-fsdevel
  Cc: linux-cifs-client, nfs, ecryptfs-devel, reiserfs-devel, unionfs

When an unprivileged process attempts to modify a file that has the
setuid or setgid bits set, the VFS will attempt to clear these bits. The
VFS will set the ATTR_KILL_SUID or ATTR_KILL_SGID bits in the ia_valid
mask, and then call notify_change to clear these bits and set the mode
accordingly.

With a networked filesystem (NFS and CIFS in particular but likely
others), the client machine or process may not have credentials that
allow for setting the mode. In some situations, this can lead to file
corruption, an operation failing outright because the setattr fails, or
to races that lead to a mode change being reverted.

In this situation, we'd like to just leave the handling of this to the
server and ignore these bits. The problem is that by the time the
setattr op is called, the VFS has already reinterpreted the ATTR_KILL_*
bits into a mode change and the setattr operation has no way to
know its intent.

The following patchset fixes this by making notify_change no longer
clear the ATTR_KILL_SUID and ATTR_KILL_SGID bits in the ia_valid before
handing it off to the setattr inode op. setattr can then check for the
presence of these bits, and if they're set it can assume that the mode
change was only for the purposes of clearing these bits.

This means that we now have an implicit assumption that notify_change is
never called with ATTR_MODE and either ATTR_KILL_S*ID bit set. Nothing
currently enforces that, so the first patch also adds a BUG_ON() if that
occurs.

The next two patches fix NFS and CIFS to take advantage of this new
scheme to ignore doing the mode change when these flags are set. The
last four patches fix up callers of notify_change to make sure that
they don't trip the new BUG() call.

This patchset should apply cleanly to 2.6.23-rc4-mm1. This is
basically the same patchset as take 4 with a few extra patches to
fix up the callers of notify_change, and some minor parenthetical
cleanups.

Signed-off-by: Jeff Layton <jlayton@redhat.com>



* Re: [PATCH 0/7] fix setuid/setgid clearing in networked filesystems (take 5)
  2007-09-04 14:36 [PATCH 0/7] fix setuid/setgid clearing in networked filesystems (take 5) Jeff Layton
@ 2007-09-09 14:18 ` Christoph Hellwig
  0 siblings, 0 replies; 2+ messages in thread
From: Christoph Hellwig @ 2007-09-09 14:18 UTC (permalink / raw)
  To: Jeff Layton
  Cc: reiserfs-devel, linux-kernel, nfs, ecryptfs-devel, linux-fsdevel,
	unionfs, linux-cifs-client

Looks good content-wise.  But please move the patches that make sure
we never trip the BUG before the patch introducing them so that we
get a cleanly bisectable tree.

