[Virtio-fs] [virtiofsd-rs] MR merged: Fix killpriv v1 enforcement on writes
virtiofs-bot at sinrega.org
virtiofs-bot at sinrega.org
Tue Apr 27 15:02:12 UTC 2021
The `set_creds` function returns a pair of ScopedUid/ScopedGid objects
(well, they're `Option<Scoped...>`) that change the effective uid and
gid of the calling thread for the duration of their scope. That is, once
they're dropped, they "pop" the new uid/gid back to uid/gid 0.
Trouble is, right now, these objects' scope is actually the lexical
block of the if statement. This means the current thread's uid/gid
changes only for the scope of the if-statement and then is popped back
to uid/gid 0 before attempting the write.
To fix this, retain these objects for the enclosing function scope
rather than just the scope of the if statement. This way, the thread's
uid/gid change is effective for the duration of the write, which I
believe was the original intent.
Note: I was unable to test this with a mainline kernel. I dug into it,
and I think it's a backwards compatibility mixup in the FUSE module. I
sent a patch upstream[1]. I also tested _this_ patch with a patched kernel
and verified this works as intended. I also verified that _without this
patch_, the privileges are not killed.
[1] https://lore.kernel.org/linux-fsdevel/20210423151919.195033-1-ckuehl@redhat.com/T/#u
Signed-off-by: Connor Kuehl <ckuehl at redhat.com>
---
https://gitlab.com/virtio-fs/virtiofsd-rs/-/merge_requests/24
More information about the Virtio-fs
mailing list