diff options
| author | Pawel Jakub Dawidek <[email protected]> | 2022-02-03 14:37:57 -0800 |
|---|---|---|
| committer | GitHub <[email protected]> | 2022-02-03 14:37:57 -0800 |
| commit | 3d244b488155e04ec059e66752d7138aa75e7e48 (patch) | |
| tree | ea29349eea084539d30180d5638874e66e17d1f8 /etc/default | |
| parent | 63652e154643cfe596fe077c13de0e7be34dd863 (diff) | |
Fix clearing set-uid and set-gid bits on a file when replying a write
POSIX requires that set-uid and set-gid bits to be removed when an
unprivileged user writes to a file and ZFS does that during normal
operation.
The problem arrises when the write is stored in the ZIL and replayed.
During replay we have no access to original credentials of the process
doing the write, so zfs_write() will be performed with the root
credentials. When root is doing the write set-uid and set-gid bits
are not removed from the file.
To correct that, log a separate TX_SETATTR entry that removed those bits
on first write to such file.
Idea from: Christian Schwarz
Add test for ZIL replay of setuid/setgid clearing.
Improve various edge cases when clearing setid bits:
- The setid bits can be readded during a single write, so make sure to check
for them on every chunk write.
- Log TX_SETATTR record at most once per transaction group (if the setid bits
are keep coming back).
- Move zfs_log_setattr() outside of zp->z_acl_lock.
Reviewed-by: Dan McDonald <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Co-authored-by: Christian Schwarz <[email protected]>
Signed-off-by: Pawel Jakub Dawidek <[email protected]>
Closes #13027
Diffstat (limited to 'etc/default')
0 files changed, 0 insertions, 0 deletions