Feature #58680
[closed] libcephfs: clear the suid/sgid for fallocate
Status: Resolved
Priority: Normal
Assignee:
Category: Correctness/Safety
Target version:
% Done: 0%
Source:
Tags: backport_processed
Backport: reef,quincy,pacific
Reviewed:
Description
generic/684 - output mismatch (see /data/xfstests-dev/results//generic/684.out.bad) --- tests/generic/684.out 2022-06-08 16:30:24.648434802 +0800 +++ /data/xfstests-dev/results//generic/684.out.bad 2022-11-18 05:43:36.212526827 +0800 @@ -1,19 +1,19 @@ QA output created by 684 Test 1 - qa_user, non-exec file fpunch 6666 -rwSrwSrw- TEST_DIR/684/a -666 -rw-rw-rw- TEST_DIR/684/a +6666 -rwSrwSrw- TEST_DIR/684/a Test 2 - qa_user, group-exec file fpunch ... (Run 'diff -u /data/xfstests-dev/tests/generic/684.out /data/xfstests-dev/results//generic/684.out.bad' to see the entire diff)
Updated by Xiubo Li about 1 year ago
- Copied from Bug #58054: kclient: xfstests-dev generic/684 fails added
Updated by Xiubo Li about 1 year ago
- Status changed from In Progress to Fix Under Review
- Pull request ID set to 50053
Updated by Xiubo Li about 1 year ago
The steps to verify this:
1, $ su root
2, $ ceph-fuse /mnt/cephfs
3, $ dd if=/dev/random of=/mnt/cephfs/file bs=1M count=10
4, $ chmod a+rws /mnt/cephfs/file
5, $ ll /mnt/cephfs/file
   -rwSrwSrw-. 1 root root 10485760 Feb 9 21:41 file
6, $ su - $unprivileged_user -c 'fallocate -p -o 200K -l 500K /mnt/cephfs/file'
7, $ ll /mnt/cephfs/file
   -rw-rw-rw-. 1 root root 10485760 Feb 9 21:57 /mnt/cephfs/file
Updated by Xiubo Li about 1 year ago
Usually, when a file is changed by an unprivileged user, the suid/sgid should be cleared to avoid possible attacks from hackers.
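A small C checker for steps 6 and 7 of the verification procedure above, added here as an example; it is not part of the tracker entry or the Ceph code. Run it as the unprivileged user against the file prepared in steps 1 to 4. The helper names `privs_retained` and `punch_and_check` are made up for this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bits that should not survive a data change made by an unprivileged user. */
#define PRIV_BITS (S_ISUID | S_ISGID)

/* Returns the setuid/setgid bits that were set before the operation and are
 * still set after it (0 means they were cleared as expected). */
static mode_t privs_retained(mode_t before, mode_t after)
{
    return before & after & PRIV_BITS;
}

/* Punch a hole as the calling user and report which privilege bits survive.
 * Returns -1 on error, otherwise the retained bits. */
static int punch_and_check(const char *path, off_t off, off_t len)
{
    struct stat before, after;
    int fd = open(path, O_WRONLY);
    if (fd < 0) { perror("open"); return -1; }
    if (fstat(fd, &before) < 0 ||
        fallocate(fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, off, len) < 0 ||
        fstat(fd, &after) < 0) {
        perror(path);
        close(fd);
        return -1;
    }
    close(fd);
    printf("%s: mode %04o -> %04o\n", path,
           (unsigned)(before.st_mode & 07777), (unsigned)(after.st_mode & 07777));
    return (int)privs_retained(before.st_mode, after.st_mode);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    /* Same range as step 6 above: fallocate -p -o 200K -l 500K */
    int kept = punch_and_check(argv[1], 200 * 1024, 500 * 1024);
    if (kept < 0) return 2;
    if (kept) { printf("FAIL: suid/sgid retained (%04o)\n", (unsigned)kept); return 1; }
    puts("OK: suid/sgid cleared");
    return 0;
}
```

The exit status is 0 when both bits were cleared, 1 when either was retained, and 2 on error, so the check can be dropped into a test script.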
Updated by Venky Shankar about 1 year ago
- Category set to Correctness/Safety
- Target version set to v18.0.0
- Backport set to pacific,quincy
- Component(FS) Client, MDS added
Updated by Venky Shankar about 1 year ago
- Status changed from Fix Under Review to Pending Backport
- Target version changed from v18.0.0 to v19.0.0
- Backport changed from pacific,quincy to reef,quincy,pacific
Backport note: include https://github.com/ceph/ceph/pull/50793.
Updated by Backport Bot about 1 year ago
- Copied to Backport #59266: quincy: libcephfs: clear the suid/sgid for fallocate added
Updated by Backport Bot about 1 year ago
- Copied to Backport #59267: reef: libcephfs: clear the suid/sgid for fallocate added
Updated by Backport Bot about 1 year ago
- Copied to Backport #59268: pacific: libcephfs: clear the suid/sgid for fallocate added