From: Luis Henriques <lhenriques@suse.de>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: Vivek Goyal <vgoyal@redhat.com>,
linux-fsdevel@vger.kernel.org, virtio-fs@redhat.com,
linux-kernel@vger.kernel.org, Luis Henriques <lhenriques@suse.de>
Subject: [RFC PATCH] fuse: Clear SGID bit when setting mode in setacl
Date: Fri, 26 Feb 2021 18:33:57 +0000 [thread overview]
Message-ID: <20210226183357.28467-1-lhenriques@suse.de> (raw)
Setting file permissions with POSIX ACLs (setxattr) isn't clearing the
setgid bit. This seems to be CVE-2016-7097, detected by running fstest
generic/375 in virtiofs. Unfortunately, when the fix for this CVE landed
in the kernel with commit 073931017b49 ("posix_acl: Clear SGID bit when
setting file permissions"), FUSE didn't had ACLs support yet.
Signed-off-by: Luis Henriques <lhenriques@suse.de>
---
fs/fuse/acl.c | 29 ++++++++++++++++++++++++++---
1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/fs/fuse/acl.c b/fs/fuse/acl.c
index f529075a2ce8..1b273277c1c9 100644
--- a/fs/fuse/acl.c
+++ b/fs/fuse/acl.c
@@ -54,7 +54,9 @@ int fuse_set_acl(struct inode *inode, struct posix_acl *acl, int type)
{
struct fuse_conn *fc = get_fuse_conn(inode);
const char *name;
+ umode_t mode = inode->i_mode;
int ret;
+ bool update_mode = false;
if (fuse_is_bad(inode))
return -EIO;
@@ -62,11 +64,18 @@ int fuse_set_acl(struct inode *inode, struct posix_acl *acl, int type)
if (!fc->posix_acl || fc->no_setxattr)
return -EOPNOTSUPP;
- if (type == ACL_TYPE_ACCESS)
+ if (type == ACL_TYPE_ACCESS) {
name = XATTR_NAME_POSIX_ACL_ACCESS;
- else if (type == ACL_TYPE_DEFAULT)
+ if (acl) {
+ ret = posix_acl_update_mode(inode, &mode, &acl);
+ if (ret)
+ return ret;
+ if (inode->i_mode != mode)
+ update_mode = true;
+ }
+ } else if (type == ACL_TYPE_DEFAULT) {
name = XATTR_NAME_POSIX_ACL_DEFAULT;
- else
+ } else
return -EINVAL;
if (acl) {
@@ -98,6 +107,20 @@ int fuse_set_acl(struct inode *inode, struct posix_acl *acl, int type)
} else {
ret = fuse_removexattr(inode, name);
}
+ if (!ret && update_mode) {
+ struct dentry *entry;
+ struct iattr attr;
+
+ entry = d_find_alias(inode);
+ if (entry) {
+ memset(&attr, 0, sizeof(attr));
+ attr.ia_valid = ATTR_MODE | ATTR_CTIME;
+ attr.ia_mode = mode;
+ attr.ia_ctime = current_time(inode);
+ ret = fuse_do_setattr(entry, &attr, NULL);
+ dput(entry);
+ }
+ }
forget_all_cached_acls(inode);
fuse_invalidate_attr(inode);
next reply other threads:[~2021-02-26 18:34 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-26 18:33 Luis Henriques [this message]
2021-03-01 16:33 ` [RFC PATCH] fuse: Clear SGID bit when setting mode in setacl Vivek Goyal
2021-03-01 18:20 ` Luis Henriques
2021-03-02 16:00 ` Vivek Goyal
2021-03-02 16:25 ` Vivek Goyal
2021-03-03 15:36 ` Miklos Szeredi
2021-03-02 14:22 ` Vivek Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210226183357.28467-1-lhenriques@suse.de \
--to=lhenriques@suse.de \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=vgoyal@redhat.com \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).