Project

General

Profile

Actions
Copy link

Feature #58680

closed

libcephfs: clear the suid/sgid for fallocate

Added by Xiubo Li about 1 year ago. Updated 10 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Xiubo Li
Category:
Correctness/Safety
Target version:
Ceph - v19.0.0
% Done:

0%

Source:
Tags:
backport_processed
Backport:
reef,quincy,pacific
Reviewed:
Affected Versions:
Component(FS):
Client, MDS
Labels (FS):
Pull request ID:
50053

Description

generic/684       - output mismatch (see /data/xfstests-dev/results//generic/684.out.bad)
    --- tests/generic/684.out    2022-06-08 16:30:24.648434802 +0800
    +++ /data/xfstests-dev/results//generic/684.out.bad    2022-11-18 05:43:36.212526827 +0800
    @@ -1,19 +1,19 @@
     QA output created by 684
     Test 1 - qa_user, non-exec file fpunch
     6666 -rwSrwSrw- TEST_DIR/684/a
    -666 -rw-rw-rw- TEST_DIR/684/a
    +6666 -rwSrwSrw- TEST_DIR/684/a

     Test 2 - qa_user, group-exec file fpunch
    ...
    (Run 'diff -u /data/xfstests-dev/tests/generic/684.out /data/xfstests-dev/results//generic/684.out.bad'  to see the entire diff)

Related issues 4 (0 open4 closed)

Copied from Linux kernel client - Bug #58054: kclient: xfstests-dev generic/684 failsResolvedXiubo Li

Actions
Copied to CephFS - Backport #59266: quincy: libcephfs: clear the suid/sgid for fallocateResolvedXiubo LiActions
Copied to CephFS - Backport #59267: reef: libcephfs: clear the suid/sgid for fallocateResolvedXiubo LiActions
Copied to CephFS - Backport #59268: pacific: libcephfs: clear the suid/sgid for fallocateResolvedXiubo LiActions
Actions
Copy link
 #1

Updated by Xiubo Li about 1 year ago

  • Copied from Bug #58054: kclient: xfstests-dev generic/684 fails added
Actions
Copy link
 #2

Updated by Xiubo Li about 1 year ago

  • Status changed from In Progress to Fix Under Review
  • Pull request ID set to 50053
Actions
Copy link
 #3

Updated by Xiubo Li about 1 year ago

The steps to verify this:

1, $ su root
2, $ ceph-fuse /mnt/cephfs
3, $ dd if=/dev/random of=/mnt/cephfs/file bz=1M count=10
4, $ chmod a+rws /mnt/cephfs/file
5, $ ll /mnt/cephfs/file
     -rwSrwSrw-. 1 root root 10485760 Feb  9 21:41 file
6, $ su - $unprivileged_user -c 'fallocate -p -o 200K -l 500K /mnt/cephfs/file'
7, $ ll /mnt/cephfs/file
     -rw-rw-rw-. 1 root root 10485760 Feb  9 21:57 /mnt/cephfs/file
Actions
Copy link
 #4

Updated by Xiubo Li about 1 year ago

Usually when a file is changed by unprivileged users the suid/sgid should be cleared to avoid possible attack from hacker.

Actions
Copy link
 #5

Updated by Venky Shankar about 1 year ago

  • Category set to Correctness/Safety
  • Target version set to v18.0.0
  • Backport set to pacific,quincy
  • Component(FS) Client, MDS added
Actions
Copy link
 #6

Updated by Venky Shankar about 1 year ago

  • Status changed from Fix Under Review to Pending Backport
  • Target version changed from v18.0.0 to v19.0.0
  • Backport changed from pacific,quincy to reef,quincy,pacific
Actions
Copy link
 #7

Updated by Backport Bot about 1 year ago

  • Copied to Backport #59266: quincy: libcephfs: clear the suid/sgid for fallocate added
Actions
Copy link
 #8

Updated by Backport Bot about 1 year ago

  • Copied to Backport #59267: reef: libcephfs: clear the suid/sgid for fallocate added
Actions
Copy link
 #9

Updated by Backport Bot about 1 year ago

  • Copied to Backport #59268: pacific: libcephfs: clear the suid/sgid for fallocate added
Actions
Copy link
 #10

Updated by Backport Bot about 1 year ago

  • Tags set to backport_processed
Actions
Copy link
 #11

Updated by Xiubo Li 10 months ago

  • Status changed from Pending Backport to Resolved
Actions
Copy link

Also available in: Atom PDF