xfs
[Top] [All Lists]

[Bug 308] New: SGID bit gets lost with default ACL and owner not in dir

To: xfs-master@xxxxxxxxxxx
Subject: [Bug 308] New: SGID bit gets lost with default ACL and owner not in dir group
From: bugzilla-daemon@xxxxxxxxxxx
Date: Mon, 16 Feb 2004 05:47:17 -0800
Sender: linux-xfs-bounce@xxxxxxxxxxx
http://oss.sgi.com/bugzilla/show_bug.cgi?id=308

           Summary: SGID bit gets lost with default ACL and owner not in dir
                    group
           Product: Linux XFS
           Version: Current
          Platform: IA32
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: High
         Component: XFS kernel code
        AssignedTo: xfs-master@xxxxxxxxxxx
        ReportedBy: s.hetze@xxxxxxxxxxx


SGID inheritance fails if user is not in directory group and default ACL is not
empty. Specially with Linux distributions where all users share the same primary
group (like SuSE) this is likely to introduce security problems in real live
scenario with not technical users.

I attach a script to trigger the bogous behavior. I already took a look into the
source, but since the inheritance works correct if the user is in the directory
group and irix_sgid_inherit set to 0 I am lost without clue what causes this 
bug.
Maybe someone out there can help...


--snip here --- script follows ------------
#! /bin/bash

# set this to somewhere in the XFS tree
testroot=/home/some-XFS-test-dir

# if you enable this part, the testusers and groups are created.
if(false) then
        adduser --disabled-password --no-create-home --gecos "test1" test1
        adduser --disabled-password --no-create-home --gecos "test2" test2
        addgroup testgroup1
        addgroup testgroup2
        adduser test1 testgroup1
        adduser test2 testgroup1
        adduser test2 testgroup2
fi

# just in case you perform this test repeatedly
rm -fr ${testroot}/testgroup?

# we want to make shure irix_sgid_inherit is off
echo "irix_sgid_inherit on startup:"
cat /proc/sys/fs/xfs/irix_sgid_inherit
echo "We force irix_sgid_inherit to 0:"
echo 0 > /proc/sys/fs/xfs/irix_sgid_inherit
cat /proc/sys/fs/xfs/irix_sgid_inherit

# some basic setup for our test environment
umask 0007
mkdir ${testroot}/testgroup1
chown test1.testgroup1 ${testroot}/testgroup1

mkdir ${testroot}/testgroup2
chown test2.testgroup2 ${testroot}/testgroup2

mkdir ${testroot}/testgroup3
chown test1.testgroup2 ${testroot}/testgroup3
chmod 2770 ${testroot}/testgroup3

# first we see what SGID is supposed to do...
su test1 -c chmod 2770 ${testroot}/testgroup1
su test2 -c mkdir ${testroot}/testgroup1/testdir1
su test2 -c mkdir ${testroot}/testgroup1/testdir1/testdir2
echo "Nothing special here: SGID is inherited from parent"
ls -ld ${testroot}/testgroup1/
ls -ld ${testroot}/testgroup1/testdir1
ls -ld ${testroot}/testgroup1/testdir1/testdir2

# As long as owner is in directory group, no problems with SGID inheritance
# even if default ACL is set
echo
echo "First check: ordinary group dir"
su test2 -c mkdir ${testroot}/testgroup1/testdir3
su test2 -c "setfacl -m d:g:testgroup2:rwx ${testroot}/testgroup1/testdir3"
su test2 -c "setfacl -m g:testgroup2:rwx ${testroot}/testgroup1/testdir3"
su test2 -c mkdir ${testroot}/testgroup1/testdir3/testdir4
echo "nothing changes here with default ACL as long as owner is in group"
ls -ld ${testroot}/testgroup1/
ls -ld ${testroot}/testgroup1/testdir3/
getfacl ${testroot}/testgroup1/testdir3
ls -ld ${testroot}/testgroup1/testdir3/testdir4
getfacl ${testroot}/testgroup1/testdir3/testdir4
echo

# without default ACL user does not need to be in directory group
echo "Second check: home dir with external group (user does not belong to)"
su test1 -c mkdir ${testroot}/testgroup3/testdir1
su test1 -c mkdir ${testroot}/testgroup3/testdir1/testdir2
echo "The first generation of DIRs living in the SGID parent are owned by that
group"
ls -ld ${testroot}/testgroup3/testdir1
echo "with irix_sgid_inherit set to 0 we get inheritance for SGID here:"
ls -ld ${testroot}/testgroup3/testdir1/testdir2
echo

# this is more or less the same, owner gets write access through
# access ACL
echo "Third check: group dir with additional write access"
su test2 -c chmod 2770 ${testroot}/testgroup2
echo "testgroup1 gets acl write access to testgroup2 dir"
su test2 -c "setfacl -m g:testgroup1:rwx ${testroot}/testgroup2"
echo -n "test1 can make dir and subdir "
su test1 -c mkdir ${testroot}/testgroup2/testdir1
su test1 -c mkdir ${testroot}/testgroup2/testdir1/testdir2
echo "and the SGID keeps inherited"
ls -ld ${testroot}/testgroup2/
ls -ld ${testroot}/testgroup2/testdir1/
ls -ld ${testroot}/testgroup2/testdir1/testdir2
getfacl ${testroot}/testgroup2

# here we finally get the bug:
echo "Final check: group dir with default ACL"
echo "now testgroup1 gets default ACL with write access to testdir3"
su test2 -c mkdir ${testroot}/testgroup2/testdir3
su test2 -c "setfacl -m g:testgroup1:rwx ${testroot}/testgroup2/testdir3"
su test2 -c "setfacl -m d:g:testgroup1:rwx ${testroot}/testgroup2/testdir3"
echo "test1 again can make subdir and first generation is owned by testgroup2"
echo "but SGID bit itself is lost..."
su test1 -c mkdir ${testroot}/testgroup2/testdir3/testdir4
ls -ld ${testroot}/testgroup2/testdir3
ls -ld ${testroot}/testgroup2/testdir3/testdir4
getfacl ${testroot}/testgroup2/testdir3


# again, if you enable this users and groups will be deleted upon
# completetion
if(false) then
        deluser test1
        deluser test2
        delgroup testgroup2
        delgroup testgroup1
fi



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


<Prev in Thread] Current Thread [Next in Thread>
  • [Bug 308] New: SGID bit gets lost with default ACL and owner not in dir group, bugzilla-daemon <=