Feature #58680
closed
libcephfs: clear the suid/sgid for fallocate
Added by Xiubo Li about 1 year ago.
Updated 10 months ago.
Category:
Correctness/Safety
Backport:
reef,quincy,pacific
Component(FS):
Client, MDS
Description
generic/684 - output mismatch (see /data/xfstests-dev/results//generic/684.out.bad)
--- tests/generic/684.out 2022-06-08 16:30:24.648434802 +0800
+++ /data/xfstests-dev/results//generic/684.out.bad 2022-11-18 05:43:36.212526827 +0800
@@ -1,19 +1,19 @@
QA output created by 684
Test 1 - qa_user, non-exec file fpunch
6666 -rwSrwSrw- TEST_DIR/684/a
-666 -rw-rw-rw- TEST_DIR/684/a
+6666 -rwSrwSrw- TEST_DIR/684/a
Test 2 - qa_user, group-exec file fpunch
...
(Run 'diff -u /data/xfstests-dev/tests/generic/684.out /data/xfstests-dev/results//generic/684.out.bad' to see the entire diff)
- Copied from Bug #58054: kclient: xfstests-dev generic/684 fails added
- Status changed from In Progress to Fix Under Review
- Pull request ID set to 50053
The steps to verify this:
1, $ su root
2, $ ceph-fuse /mnt/cephfs
3, $ dd if=/dev/random of=/mnt/cephfs/file bz=1M count=10
4, $ chmod a+rws /mnt/cephfs/file
5, $ ll /mnt/cephfs/file
-rwSrwSrw-. 1 root root 10485760 Feb 9 21:41 file
6, $ su - $unprivileged_user -c 'fallocate -p -o 200K -l 500K /mnt/cephfs/file'
7, $ ll /mnt/cephfs/file
-rw-rw-rw-. 1 root root 10485760 Feb 9 21:57 /mnt/cephfs/file
Usually when a file is changed by unprivileged users the suid/sgid should be cleared to avoid possible attack from hacker.
- Category set to Correctness/Safety
- Target version set to v18.0.0
- Backport set to pacific,quincy
- Component(FS) Client, MDS added
- Status changed from Fix Under Review to Pending Backport
- Target version changed from v18.0.0 to v19.0.0
- Backport changed from pacific,quincy to reef,quincy,pacific
- Copied to Backport #59266: quincy: libcephfs: clear the suid/sgid for fallocate added
- Copied to Backport #59267: reef: libcephfs: clear the suid/sgid for fallocate added
- Copied to Backport #59268: pacific: libcephfs: clear the suid/sgid for fallocate added
- Tags set to backport_processed
- Status changed from Pending Backport to Resolved
Also available in: Atom
PDF