xfs
[Top] [All Lists]

Re: [PATCH] nfsd: revoking of suid/sgid bits after chown() in a consiste

To: "J. Bruce Fields" <bfields@xxxxxxxxxxxx>
Subject: Re: [PATCH] nfsd: revoking of suid/sgid bits after chown() in a consistent way
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Thu, 12 Dec 2013 00:13:59 -0800
Cc: Stanislav Kholmanskikh <stanislav.kholmanskikh@xxxxxxxxxx>, linux-nfs@xxxxxxxxxxxxxxx, vasily.isaenko@xxxxxxxxxx, hch@xxxxxxxxxxxxx, xfs@xxxxxxxxxxx, sprabhu@xxxxxxxxxx
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <20131212033859.GA5978@xxxxxxxxxxxx>
References: <20131206204747.GB12613@xxxxxxxxxxxx> <1386756996-28083-1-git-send-email-stanislav.kholmanskikh@xxxxxxxxxx> <52A845C6.2080109@xxxxxxxxxx> <20131212033859.GA5978@xxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)
On Wed, Dec 11, 2013 at 10:38:59PM -0500, J. Bruce Fields wrote:
> In the v3 case I'd expect the open O_TRUNC to result in a SETATTR rpc,
> in the v4 case an OPEN rpc.  Both result in a call to nfsd_setattr,
> though I only see nfsd_setattr turning off the SUID/SGID bits in the
> chown case.  Are you sure it isn't the subsequent write that clears
> those bits?

We've traditionally cleared the suid bits for O_TRUNC for local
filesystem, although this is more a convention than a real security
need.  It would still be good if NFSv4 would follow the general
semantics.

<Prev in Thread] Current Thread [Next in Thread>