| Message ID | 1464274968-31182-2-git-send-email-jack@suse.cz (mailing list archive) |
|---|---|
| State | New, archived |
Honza,

2016-05-26 17:02 GMT+02:00 Jan Kara <jack@suse.cz>:
> When file permissions are modified via chmod(2) and the user modifying the
> permissions is not capable of setting SGID bit for the file, the bit gets
> cleared in inode_change_ok(). However this is not the case when file
> permissions get modified via setfacl(1).

this looks like a bug we need to fix, but the two patches are horrible. How
about introducing the following helper in fs/posix_acl.c instead?

```c
int posix_acl_update_mode(struct inode *inode, struct posix_acl **acl)
{
	int error;

	/* Derive the rwx bits from the ACL; 0 means the ACL is fully
	 * representable by the mode and can be dropped. */
	error = posix_acl_equiv_mode(*acl, &inode->i_mode);
	if (error < 0)
		return error;
	if (error == 0)
		*acl = NULL;
	/* Same rule as chmod(2): a caller who is not in the file's group
	 * and lacks CAP_FSETID over the inode may not leave SGID set. */
	if (!in_group_p(inode->i_gid) &&
	    !capable_wrt_inode_uidgid(inode, CAP_FSETID))
		inode->i_mode &= ~S_ISGID;
	return 0;
}
```

Once all filesystems use that, posix_acl_equiv_mode can be made static.

Thanks,
Andreas
diff --git a/fs/posix_acl.c b/fs/posix_acl.c index 0a7c5119ed8d..d714b9216418 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -311,8 +311,12 @@ posix_acl_equiv_mode(struct inode *inode, const struct posix_acl *acl, return -EINVAL; } } - if (mode_p) + if (mode_p) { + if (!in_group_p(inode->i_gid) && + !capable_wrt_inode_uidgid(inode, CAP_FSETID)) + *mode_p &= ~S_ISGID; *mode_p = (*mode_p & ~S_IRWXUGO) | mode; + } return not_equiv; } EXPORT_SYMBOL(posix_acl_equiv_mode);
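Review bot: the hunk moves a caller-credential check (in_group_p() and capable_wrt_inode_uidgid()) into posix_acl_equiv_mode(), which until now only translated an ACL into mode bits; that makes every caller's result depend on the current credentials, so the policy decision would sit better in the caller or in a small helper (the posix_acl_update_mode() proposed in the reply does exactly this) while the equivalence function stays a pure conversion. Within the hunk the bit handling is right: `*mode_p &= ~S_ISGID;` runs before `*mode_p = (*mode_p & ~S_IRWXUGO) | mode;`, and because S_IRWXUGO does not cover S_ISGID the cleared bit survives the merge; a one-line comment stating that the clear mirrors inode_change_ok() for chmod(2), plus an update to the function's comment block saying it may now drop SGID, would save the next reader from re-deriving that.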
When file permissions are modified via chmod(2) and the user modifying the
permissions is not capable of setting SGID bit for the file, the bit gets
cleared in inode_change_ok(). However this is not the case when file
permissions get modified via setfacl(1). Add clearing of SGID bit to
posix_acl_equiv_mode().

Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/posix_acl.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)