From: "Serge E. Hallyn"
Subject: Re: setfsuid() and access() syscall
Date: Tue, 4 Aug 2009 16:53:09 -0500
Message-ID: <20090804215309.GA15067@us.ibm.com>
References: <4A78A047.8040800@penguin.cz>
In-Reply-To: <4A78A047.8040800@penguin.cz>
To: Ondrej Palkovsky
Cc: linux-fsdevel@vger.kernel.org

Quoting Ondrej Palkovsky (ondrap@penguin.cz):
> Hello,
>
> the access() syscall (to find out if the user has permission to do
> something on file) does not seem to reflect the setfsuid() syscall.
> There are 2 conflicting pieces of information:
>
> - kernel/sys.c:
> /*
>  * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This
>  * is used for "access()" and for the NFS daemon (letting nfsd stay at

Good catch that. This comment needs to be fixed (proposed patch below).

>  * whatever uid it wants to). It normally shadows "euid", except when
>  * explicitly set by setfsuid() or for access..
>  */
> - fs/namei.c
> /*
>  * access() needs to use the real uid/gid, not the effective uid/gid.
>  * We do this by temporarily clearing all FS-related capabilities and
>  * switching the fsuid/fsgid around to the real ones.
>  */
>
> The resulting behaviour (2.6.18, 2.6.28, source code for 2.6.30 seems to
> be the same) seems to be that access() is dependent on uid, not fsuid -
> this seems to me to be a bug, which unfortunately somewhat inhibits
> multithreaded file servers that want to use access() e.g. for ACL
> checks. Is there some reason why it is implemented the way it is as it
> looks like an intention?
>
> Best regards
> Ondrej Palkovsky

From d0450cb216753d8c1d2d941bb5f4e15fe7aa2caf Mon Sep 17 00:00:00 2001
From: Serge Hallyn
Date: Tue, 4 Aug 2009 16:49:46 -0500
Subject: [PATCH 1/1] fix setfsuid comment: fsuid is not used for access

Fix the comment above setfsuid which currently says that the fsuid
is used for access(). In fact, ruid is used for access.

Signed-off-by: Serge Hallyn
---
 kernel/sys.c | 8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/kernel/sys.c b/kernel/sys.c index b3f1097..94e6622 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -835,9 +835,11 @@ SYSCALL_DEFINE3(getresgid, gid_t __user *, rgid, gid_t __user *, egid, gid_t __u /* * "setfsuid()" sets the fsuid - the uid used for filesystem checks. This - * is used for "access()" and for the NFS daemon (letting nfsd stay at - * whatever uid it wants to). It normally shadows "euid", except when - * explicitly set by setfsuid() or for access.. + * is used when setting uid for a new file, for calculating file permissions, + * and for the NFS daemon (letting nfsd stay at whatever uid it wants to). + * + * It normally shadows "euid", except when explicitly set by setfsuid() or + * for access.. */ SYSCALL_DEFINE1(setfsuid, uid_t, uid) { -- 1.6.0.4
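
Review bot: The closing sentence kept in the rewritten comment, "except when explicitly set by setfsuid() or for access..", still leaves the access() case unexplained and carries over the doubled period. The commit message states that the real uid is used for access(), but the new comment text never says so; consider spelling it out, for example "access() checks against the real uid/gid instead, by temporarily switching fsuid/fsgid to them", which matches the fs/namei.c comment quoted earlier in the thread. The added phrase "for calculating file permissions" can also be read as covering access(), so naming the exception next to it would avoid the confusion the original report describes.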