git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Miklos Szeredi <mszeredi@redhat.com>
	Mon, 27 May 2019 07:08:12 +0000 (09:08 +0200)
committer	Miklos Szeredi <mszeredi@redhat.com>
	Mon, 27 May 2019 09:42:36 +0000 (11:42 +0200)
commit	4a2abf99f9c2877039006b8dfb3ec4e0d1278fe8
tree	01872fd7aac66a14a0aaaccb7f74289e1603eccf	tree
parent	35d6fcbb7c3e296a52136347346a698a35af3fda	commit \| diff

fuse: add FUSE_WRITE_KILL_PRIV

In the FOPEN_DIRECT_IO case the write path doesn't call file_remove_privs()
and that means setuid bit is not cleared if unpriviliged user writes to a
file with setuid bit set.

pjdfstest chmod test 12.t tests this and fails.

Fix this by adding a flag to the FUSE_WRITE message that requests clearing
privileges on the given file.  This needs

This better than just calling fuse_remove_privs(), because the attributes
may not be up to date, so in that case a write may miss clearing the
privileges.

Test case:

  $ passthrough_ll /mnt/pasthrough-mnt -o default_permissions,allow_other,cache=never
  $ mkdir /mnt/pasthrough-mnt/testdir
  $ cd /mnt/pasthrough-mnt/testdir
  $ prove -rv pjdfstests/tests/chmod/12.t

Reported-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Tested-by: Vivek Goyal <vgoyal@redhat.com>

fs/fuse/file.c		diff \| blob \| blame \| history
include/uapi/linux/fuse.h		diff \| blob \| blame \| history