From patchwork Mon Dec 3 08:34:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Chinner X-Patchwork-Id: 10708891 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3043013BF for ; Mon, 3 Dec 2018 08:40:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 236C22A967 for ; Mon, 3 Dec 2018 08:40:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 17A3B2A98D; Mon, 3 Dec 2018 08:40:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C3B762A967 for ; Mon, 3 Dec 2018 08:40:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725947AbeLCIkW (ORCPT ); Mon, 3 Dec 2018 03:40:22 -0500 Received: from ipmailnode02.adl6.internode.on.net ([150.101.137.148]:53319 "EHLO ipmailnode02.adl6.internode.on.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725979AbeLCIjf (ORCPT ); Mon, 3 Dec 2018 03:39:35 -0500 Received: from ppp59-167-129-252.static.internode.on.net (HELO dastard) ([59.167.129.252]) by ipmail02.adl6.internode.on.net with ESMTP; 03 Dec 2018 19:04:19 +1030 Received: from discord.disaster.area ([192.168.1.111]) by dastard with esmtp (Exim 4.80) (envelope-from ) id 1gTjgJ-0003PW-2t; Mon, 03 Dec 2018 19:34:19 +1100 Received: from dave by discord.disaster.area with local (Exim 4.91) (envelope-from ) id 1gTjgJ-00006A-1l; Mon, 03 Dec 2018 19:34:19 +1100 From: Dave Chinner To: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org Cc: olga.kornievskaia@gmail.com, linux-nfs@vger.kernel.org, linux-unionfs@vger.kernel.org, ceph-devel@vger.kernel.org, linux-cifs@vger.kernel.org Subject: [PATCH 06/11] vfs: copy_file_range needs to strip setuid bits Date: Mon, 3 Dec 2018 19:34:11 +1100 Message-Id: <20181203083416.28978-7-david@fromorbit.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181203083416.28978-1-david@fromorbit.com> References: <20181203083416.28978-1-david@fromorbit.com> MIME-Version: 1.0 Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Dave Chinner The file we are copying data into needs to have its setuid bit stripped before we start the data copy so that unprivileged users can't copy data into executables that are run with root privs. Signed-off-by: Dave Chinner Reviewed-by: Amir Goldstein --- fs/read_write.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/fs/read_write.c b/fs/read_write.c index 69809345977e..3b101183ea19 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -1574,6 +1574,16 @@ static ssize_t do_copy_file_range(struct file *file_in, loff_t pos_in, struct file *file_out, loff_t pos_out, size_t len, unsigned int flags) { + ssize_t ret; + + /* + * Clear the security bits if the process is not being run by root. + * This keeps people from modifying setuid and setgid binaries. + */ + ret = file_remove_privs(file_out); + if (ret) + return ret; + if (file_out->f_op->copy_file_range) return file_out->f_op->copy_file_range(file_in, pos_in, file_out, pos_out, len, flags);