Re: [RFC PATCH] fuse: Clear SGID bit when setting mode in setacl

2021-03-03 Thread Miklos Szeredi
On Tue, Mar 2, 2021 at 5:26 PM Vivek Goyal wrote: > > I still feel that it should probably be fixed in virtiofsd, given fuse > > client > > is expecting file server to take care of any change of mode (file > > permission bits). > > Havid said that, there is one disadvantage of relying on server

Re: [RFC PATCH] fuse: Clear SGID bit when setting mode in setacl

2021-03-02 Thread Vivek Goyal
On Tue, Mar 02, 2021 at 11:00:33AM -0500, Vivek Goyal wrote: > On Mon, Mar 01, 2021 at 06:20:30PM +, Luis Henriques wrote: > > On Mon, Mar 01, 2021 at 11:33:24AM -0500, Vivek Goyal wrote: > > > On Fri, Feb 26, 2021 at 06:33:57PM +, Luis Henriques wrote: > > > > Setting file permissions

Re: [RFC PATCH] fuse: Clear SGID bit when setting mode in setacl

2021-03-02 Thread Vivek Goyal
On Mon, Mar 01, 2021 at 06:20:30PM +, Luis Henriques wrote: > On Mon, Mar 01, 2021 at 11:33:24AM -0500, Vivek Goyal wrote: > > On Fri, Feb 26, 2021 at 06:33:57PM +, Luis Henriques wrote: > > > Setting file permissions with POSIX ACLs (setxattr) isn't clearing the > > > setgid bit. This

Re: [RFC PATCH] fuse: Clear SGID bit when setting mode in setacl

2021-03-02 Thread Vivek Goyal
On Mon, Mar 01, 2021 at 11:33:24AM -0500, Vivek Goyal wrote: > On Fri, Feb 26, 2021 at 06:33:57PM +, Luis Henriques wrote: > > Setting file permissions with POSIX ACLs (setxattr) isn't clearing the > > setgid bit. This seems to be CVE-2016-7097, detected by running fstest > > generic/375 in

Re: [RFC PATCH] fuse: Clear SGID bit when setting mode in setacl

2021-03-01 Thread Luis Henriques
On Mon, Mar 01, 2021 at 11:33:24AM -0500, Vivek Goyal wrote: > On Fri, Feb 26, 2021 at 06:33:57PM +, Luis Henriques wrote: > > Setting file permissions with POSIX ACLs (setxattr) isn't clearing the > > setgid bit. This seems to be CVE-2016-7097, detected by running fstest > > generic/375 in

Re: [RFC PATCH] fuse: Clear SGID bit when setting mode in setacl

2021-03-01 Thread Vivek Goyal
On Fri, Feb 26, 2021 at 06:33:57PM +, Luis Henriques wrote: > Setting file permissions with POSIX ACLs (setxattr) isn't clearing the > setgid bit. This seems to be CVE-2016-7097, detected by running fstest > generic/375 in virtiofs. Unfortunately, when the fix for this CVE landed > in the

[RFC PATCH] fuse: Clear SGID bit when setting mode in setacl

2021-02-26 Thread Luis Henriques
Setting file permissions with POSIX ACLs (setxattr) isn't clearing the setgid bit. This seems to be CVE-2016-7097, detected by running fstest generic/375 in virtiofs. Unfortunately, when the fix for this CVE landed in the kernel with commit 073931017b49 ("posix_acl: Clear SGID bit when setting