http://oss.sgi.com/bugzilla/show_bug.cgi?id=308
Summary: SGID bit gets lost with default ACL and owner not in dir group
Product: Linux XFS
Version: Current
Platform: IA32
OS/Version: Linux
Status: NEW
Severity: major
Priority: High
Component: XFS kernel code
AssignedTo: xfs-master@xxxxxxxxxxx
ReportedBy: s.hetze@xxxxxxxxxxx
SGID inheritance fails if the user is not in the directory group and the default
ACL is not empty. Especially with Linux distributions where all users share the
same primary group (like SuSE), this is likely to introduce security problems in
real-life scenarios with non-technical users.
I attach a script to trigger the bogus behavior. I already took a look into the
source, but since the inheritance works correctly if the user is in the directory
group and irix_sgid_inherit is set to 0, I am lost without a clue what causes this
bug.
Maybe someone out there can help...
--snip here --- script follows ------------
#! /bin/bash
# set this to somewhere in the XFS tree
testroot=/home/some-XFS-test-dir
# if you enable this part, the testusers and groups are created.
if false; then
adduser --disabled-password --no-create-home --gecos "test1" test1
adduser --disabled-password --no-create-home --gecos "test2" test2
addgroup testgroup1
addgroup testgroup2
adduser test1 testgroup1
adduser test2 testgroup1
adduser test2 testgroup2
fi
# just in case you perform this test repeatedly
rm -fr ${testroot}/testgroup?
# we want to make sure irix_sgid_inherit is off
echo "irix_sgid_inherit on startup:"
cat /proc/sys/fs/xfs/irix_sgid_inherit
echo "We force irix_sgid_inherit to 0:"
echo 0 > /proc/sys/fs/xfs/irix_sgid_inherit
cat /proc/sys/fs/xfs/irix_sgid_inherit
# some basic setup for our test environment
umask 0007
mkdir ${testroot}/testgroup1
chown test1:testgroup1 ${testroot}/testgroup1
mkdir ${testroot}/testgroup2
chown test2:testgroup2 ${testroot}/testgroup2
mkdir ${testroot}/testgroup3
chown test1:testgroup2 ${testroot}/testgroup3
chmod 2770 ${testroot}/testgroup3
# first we see what SGID is supposed to do...
# the whole command must be one quoted argument to -c
su test1 -c "chmod 2770 ${testroot}/testgroup1"
su test2 -c "mkdir ${testroot}/testgroup1/testdir1"
su test2 -c "mkdir ${testroot}/testgroup1/testdir1/testdir2"
echo "Nothing special here: SGID is inherited from parent"
ls -ld ${testroot}/testgroup1/
ls -ld ${testroot}/testgroup1/testdir1
ls -ld ${testroot}/testgroup1/testdir1/testdir2
# As long as owner is in directory group, no problems with SGID inheritance
# even if default ACL is set
echo
echo "First check: ordinary group dir"
su test2 -c "mkdir ${testroot}/testgroup1/testdir3"
su test2 -c "setfacl -m d:g:testgroup2:rwx ${testroot}/testgroup1/testdir3"
su test2 -c "setfacl -m g:testgroup2:rwx ${testroot}/testgroup1/testdir3"
su test2 -c "mkdir ${testroot}/testgroup1/testdir3/testdir4"
echo "nothing changes here with default ACL as long as owner is in group"
ls -ld ${testroot}/testgroup1/
ls -ld ${testroot}/testgroup1/testdir3/
getfacl ${testroot}/testgroup1/testdir3
ls -ld ${testroot}/testgroup1/testdir3/testdir4
getfacl ${testroot}/testgroup1/testdir3/testdir4
echo
# without default ACL user does not need to be in directory group
echo "Second check: home dir with external group (user does not belong to)"
su test1 -c "mkdir ${testroot}/testgroup3/testdir1"
su test1 -c "mkdir ${testroot}/testgroup3/testdir1/testdir2"
echo "The first generation of DIRs living in the SGID parent are owned by that group"
ls -ld ${testroot}/testgroup3/testdir1
echo "with irix_sgid_inherit set to 0 we get inheritance for SGID here:"
ls -ld ${testroot}/testgroup3/testdir1/testdir2
echo
# this is more or less the same, owner gets write access through
# access ACL
echo "Third check: group dir with additional write access"
su test2 -c "chmod 2770 ${testroot}/testgroup2"
echo "testgroup1 gets acl write access to testgroup2 dir"
su test2 -c "setfacl -m g:testgroup1:rwx ${testroot}/testgroup2"
echo -n "test1 can make dir and subdir "
su test1 -c "mkdir ${testroot}/testgroup2/testdir1"
su test1 -c "mkdir ${testroot}/testgroup2/testdir1/testdir2"
echo "and the SGID keeps inherited"
ls -ld ${testroot}/testgroup2/
ls -ld ${testroot}/testgroup2/testdir1/
ls -ld ${testroot}/testgroup2/testdir1/testdir2
getfacl ${testroot}/testgroup2
# here we finally get the bug:
echo "Final check: group dir with default ACL"
echo "now testgroup1 gets default ACL with write access to testdir3"
su test2 -c "mkdir ${testroot}/testgroup2/testdir3"
su test2 -c "setfacl -m g:testgroup1:rwx ${testroot}/testgroup2/testdir3"
su test2 -c "setfacl -m d:g:testgroup1:rwx ${testroot}/testgroup2/testdir3"
echo "test1 again can make subdir and first generation is owned by testgroup2"
echo "but SGID bit itself is lost..."
su test1 -c "mkdir ${testroot}/testgroup2/testdir3/testdir4"
ls -ld ${testroot}/testgroup2/testdir3
ls -ld ${testroot}/testgroup2/testdir3/testdir4
getfacl ${testroot}/testgroup2/testdir3
# again, if you enable this, users and groups will be deleted upon
# completion
if false; then
deluser test1
deluser test2
delgroup testgroup2
delgroup testgroup1
fi
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
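
An added check, not part of the original report or of the XFS code: a read-only audit that lists directories sitting directly under a set-group-ID directory without carrying the bit themselves, which is the state the script's final check produces. The function name `find_lost_sgid` and the output format are assumptions of this example; `getfacl` is consulted only if it is installed.

```shell
#!/bin/sh
# Added example: audit a tree for lost SGID inheritance.
# Output, one line per finding:
#   <path><TAB>parent-default-acl=<yes|no|unknown>
find_lost_sgid() {
    # $1: root of the tree to audit (assumed to be an existing directory)
    find "$1" -mindepth 1 -type d ! -perm -2000 -exec sh -c '
        for d in "$@"; do
            parent=${d%/*}
            # Only report when the parent has the set-group-ID bit.
            [ -g "$parent" ] || continue
            if command -v getfacl >/dev/null 2>&1; then
                # A default ACL on the parent is the trigger named in the report.
                if getfacl -cp -- "$parent" 2>/dev/null | grep -q "^default:"; then
                    acl=yes
                else
                    acl=no
                fi
            else
                acl=unknown    # ACL tools not installed
            fi
            printf "%s\t%s\n" "$d" "parent-default-acl=$acl"
        done' sh {} +
}

# Usage: find_lost_sgid /path/to/shared/tree
```

A finding whose parent reports `parent-default-acl=yes` matches the combination described in this bug; any other finding points to a bit cleared by other means, such as an explicit `chmod g-s`.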