fuse: setattr should set FATTR_KILL_SUIDGID

mainline inclusion from mainline-v5.11-rc1 commit 31792161 category: perf bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIR8 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3179216135ec09825d7c7875580951a6e69dc5df -------------------------------- If fc->handle_killpriv_v2 is enabled, we expect file server to clear suid/sgid/security.capbility upon chown/truncate/write as appropriate. Upon truncate (ATTR_SIZE), suid/sgid are cleared only if caller does not have CAP_FSETID. File server does not know whether caller has CAP_FSETID or not. Hence set FATTR_KILL_SUIDGID upon truncate to let file server know that caller does not have CAP_FSETID and it should kill suid/sgid as appropriate. On chown (ATTR_UID/ATTR_GID) suid/sgid need to be cleared irrespective of capabilities of calling process, so set FATTR_KILL_SUIDGID unconditionally in that case. Signed-off-by: N Vivek Goyal <vgoyal@redhat.com> Signed-off-by: N Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: N Baokun Li <libaokun1@huawei.com> Reviewed-by: N Hou Tao <houtao1@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

fuse: setattr should set FATTR_KILL_SUIDGID
mainline inclusion from mainline-v5.11-rc1 commit 31792161 category: perf bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIR8 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3179216135ec09825d7c7875580951a6e69dc5df -------------------------------- If fc->handle_killpriv_v2 is enabled, we expect file server to clear suid/sgid/security.capbility upon chown/truncate/write as appropriate. Upon truncate (ATTR_SIZE), suid/sgid are cleared only if caller does not have CAP_FSETID. File server does not know whether caller has CAP_FSETID or not. Hence set FATTR_KILL_SUIDGID upon truncate to let file server know that caller does not have CAP_FSETID and it should kill suid/sgid as appropriate. On chown (ATTR_UID/ATTR_GID) suid/sgid need to be cleared irrespective of capabilities of calling process, so set FATTR_KILL_SUIDGID unconditionally in that case. Signed-off-by: N Vivek Goyal <vgoyal@redhat.com> Signed-off-by: N Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: N Baokun Li <libaokun1@huawei.com> Reviewed-by: N Hou Tao <houtao1@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
d9f7a979 · Vivek Goyal · Zheng Zengkai · 7baffd4f · d9f7a979 · d9f7a979
隐藏空白更改
内联并排

Showing with 12 addition and 1 deletion

fs/fuse/dir.c fs/fuse/dir.c +10 -0

include/uapi/linux/fuse.h include/uapi/linux/fuse.h +2 -1

未找到文件。
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1693,10 +1693,20 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
 		inarg.valid |= FATTR_FH;
 		inarg.fh = ff->fh;
 	}
+
+	/* Kill suid/sgid for non-directory chown unconditionally */
+	if (fc->handle_killpriv_v2 && !S_ISDIR(inode->i_mode) &&
+	    attr->ia_valid & (ATTR_UID | ATTR_GID))
+		inarg.valid |= FATTR_KILL_SUIDGID;
+
 	if (attr->ia_valid & ATTR_SIZE) {
 		/* For mandatory locking in truncate */
 		inarg.valid |= FATTR_LOCKOWNER;
 		inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
+
+		/* Kill suid/sgid for truncate only if no CAP_FSETID */
+		if (fc->handle_killpriv_v2 && !capable(CAP_FSETID))
+			inarg.valid |= FATTR_KILL_SUIDGID;
 	}
 	fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
 	err = fuse_simple_request(fm, &args);

--- a/include/uapi/linux/fuse.h
+++ b/include/uapi/linux/fuse.h
@@ -177,7 +177,7 @@
 *  - add flags to fuse_attr, add FUSE_ATTR_SUBMOUNT, add FUSE_SUBMOUNTS
 *
 *  7.33
- *  - add FUSE_HANDLE_KILLPRIV_V2, FUSE_WRITE_KILL_SUIDGID
+ *  - add FUSE_HANDLE_KILLPRIV_V2, FUSE_WRITE_KILL_SUIDGID, FATTR_KILL_SUIDGID
 */

 #ifndef _LINUX_FUSE_H
@@ -274,6 +274,7 @@ struct fuse_file_lock {
 #define FATTR_MTIME_NOW	(1 << 8)
 #define FATTR_LOCKOWNER	(1 << 9)
 #define FATTR_CTIME	(1 << 10)
+#define FATTR_KILL_SUIDGID	(1 << 11)

 /**
 * Flags returned by the OPEN request