diff options
author | M. Mohan Kumar <mohan@in.ibm.com> | 2012-01-19 12:21:12 +0530 |
---|---|---|
committer | Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> | 2012-01-30 10:54:16 +0530 |
commit | 2d40564aaab3a99fe6ce00fc0fc893c02e9443ec (patch) | |
tree | 8b297266eff6d33d444051ded22b18f5b2669994 /hw/9pfs | |
parent | 2c30dd744aa02d31a8a3b87daaba0b2cb774f346 (diff) | |
download | qemu-2d40564aaab3a99fe6ce00fc0fc893c02e9443ec.zip qemu-2d40564aaab3a99fe6ce00fc0fc893c02e9443ec.tar.gz qemu-2d40564aaab3a99fe6ce00fc0fc893c02e9443ec.tar.bz2 |
hw/9pfs: Preserve S_ISGID
In passthrough security model in local fs driver, after a file creation
chown and chmod are done to set the file credentials and mode as requested
by 9p client. But if there was a request to create a file with S_ISGID
bit, doing chown on that file resets the S_ISGID bit. So first call
chown and then invoking chmod with proper mode bit retains the S_ISGID
(if present/requested)
This resulted in LTP mknod02, mknod03, mknod05, open10 test case
failures. This patch fixes this issue.
man 2 chown
When the owner or group of an executable file are changed by an unprivileged
user the S_ISUID and S_ISGID mode bits are cleared. POSIX does not specify
whether this also should happen when root does the chown(); the Linux behavior
depends on the kernel version.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Diffstat (limited to 'hw/9pfs')
-rw-r--r-- | hw/9pfs/virtio-9p-handle.c | 4 | ||||
-rw-r--r-- | hw/9pfs/virtio-9p-local.c | 7 |
2 files changed, 6 insertions, 5 deletions
diff --git a/hw/9pfs/virtio-9p-handle.c b/hw/9pfs/virtio-9p-handle.c index cb012c0..f96d17a 100644 --- a/hw/9pfs/virtio-9p-handle.c +++ b/hw/9pfs/virtio-9p-handle.c @@ -63,11 +63,11 @@ static int handle_update_file_cred(int dirfd, const char *name, FsCred *credp) if (fd < 0) { return fd; } - ret = fchmod(fd, credp->fc_mode & 07777); + ret = fchownat(fd, "", credp->fc_uid, credp->fc_gid, AT_EMPTY_PATH); if (ret < 0) { goto err_out; } - ret = fchownat(fd, "", credp->fc_uid, credp->fc_gid, AT_EMPTY_PATH); + ret = fchmod(fd, credp->fc_mode & 07777); err_out: close(fd); return ret; diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c index 6e3f9d1..33a41d2 100644 --- a/hw/9pfs/virtio-9p-local.c +++ b/hw/9pfs/virtio-9p-local.c @@ -257,9 +257,6 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path, { char buffer[PATH_MAX]; - if (chmod(rpath(fs_ctx, path, buffer), credp->fc_mode & 07777) < 0) { - return -1; - } if (lchown(rpath(fs_ctx, path, buffer), credp->fc_uid, credp->fc_gid) < 0) { /* @@ -270,6 +267,10 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path, return -1; } } + + if (chmod(rpath(fs_ctx, path, buffer), credp->fc_mode & 07777) < 0) { + return -1; + } return 0; } |