From: Amir Goldstein <amir73il@gmail.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Sasha Levin <sashal@kernel.org>,
"Darrick J . Wong" <djwong@kernel.org>,
Leah Rumancik <leah.rumancik@gmail.com>,
Chandan Babu R <chandan.babu@oracle.com>,
Christian Brauner <brauner@kernel.org>,
linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org,
stable@vger.kernel.org
Subject: [PATCH 5.10 11/15] fs: move should_remove_suid()
Date: Sat, 18 Mar 2023 12:15:25 +0200 [thread overview]
Message-ID: <20230318101529.1361673-12-amir73il@gmail.com> (raw)
In-Reply-To: <20230318101529.1361673-1-amir73il@gmail.com>
commit e243e3f94c804ecca9a8241b5babe28f35258ef4 upstream.
Move the helper from inode.c to attr.c. This keeps the the core of the
set{g,u}id stripping logic in one place when we add follow-up changes.
It is the better place anyway, since should_remove_suid() returns
ATTR_KILL_S{G,U}ID flags.
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
---
fs/attr.c | 29 +++++++++++++++++++++++++++++
fs/inode.c | 29 -----------------------------
2 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/fs/attr.c b/fs/attr.c
index 300ba5153868..666489157978 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -20,6 +20,35 @@
#include "internal.h"
+/*
+ * The logic we want is
+ *
+ * if suid or (sgid and xgrp)
+ * remove privs
+ */
+int should_remove_suid(struct dentry *dentry)
+{
+ umode_t mode = d_inode(dentry)->i_mode;
+ int kill = 0;
+
+ /* suid always must be killed */
+ if (unlikely(mode & S_ISUID))
+ kill = ATTR_KILL_SUID;
+
+ /*
+ * sgid without any exec bits is just a mandatory locking mark; leave
+ * it alone. If some exec bits are set, it's a real sgid; kill it.
+ */
+ if (unlikely((mode & S_ISGID) && (mode & S_IXGRP)))
+ kill |= ATTR_KILL_SGID;
+
+ if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode)))
+ return kill;
+
+ return 0;
+}
+EXPORT_SYMBOL(should_remove_suid);
+
static bool chown_ok(const struct inode *inode, kuid_t uid)
{
if (uid_eq(current_fsuid(), inode->i_uid) &&
diff --git a/fs/inode.c b/fs/inode.c
index 63f86aeda7fd..f52dd6feea98 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1854,35 +1854,6 @@ void touch_atime(const struct path *path)
}
EXPORT_SYMBOL(touch_atime);
-/*
- * The logic we want is
- *
- * if suid or (sgid and xgrp)
- * remove privs
- */
-int should_remove_suid(struct dentry *dentry)
-{
- umode_t mode = d_inode(dentry)->i_mode;
- int kill = 0;
-
- /* suid always must be killed */
- if (unlikely(mode & S_ISUID))
- kill = ATTR_KILL_SUID;
-
- /*
- * sgid without any exec bits is just a mandatory locking mark; leave
- * it alone. If some exec bits are set, it's a real sgid; kill it.
- */
- if (unlikely((mode & S_ISGID) && (mode & S_IXGRP)))
- kill |= ATTR_KILL_SGID;
-
- if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode)))
- return kill;
-
- return 0;
-}
-EXPORT_SYMBOL(should_remove_suid);
-
/*
* Return mask of changes for notify_change() that need to be done as a
* response to write or truncate. Return 0 if nothing has to be changed.
--
2.34.1
next prev parent reply other threads:[~2023-03-18 10:16 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-18 10:15 [PATCH 5.10 00/15] xfs backports for 5.10.y (from v5.15.103) Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 01/15] xfs: don't assert fail on perag references on teardown Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 02/15] xfs: purge dquots after inode walk fails during quotacheck Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 03/15] xfs: don't leak btree cursor when insrec fails after a split Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 04/15] xfs: remove XFS_PREALLOC_SYNC Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 05/15] xfs: fallocate() should call file_modified() Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 06/15] xfs: set prealloc flag in xfs_alloc_file_space() Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 07/15] xfs: use setattr_copy to set vfs inode attributes Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 08/15] fs: add mode_strip_sgid() helper Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 09/15] fs: move S_ISGID stripping into the vfs_*() helpers Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 10/15] attr: add in_group_or_capable() Amir Goldstein
2023-03-18 10:15 ` Amir Goldstein [this message]
2023-03-18 10:15 ` [PATCH 5.10 12/15] attr: add setattr_should_drop_sgid() Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 13/15] attr: use consistent sgid stripping checks Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 14/15] fs: use consistent setgid checks in is_sxid() Amir Goldstein
2023-03-18 10:15 ` [PATCH 5.10 15/15] xfs: remove xfs_setattr_time() declaration Amir Goldstein
2023-03-20 14:13 ` [PATCH 5.10 00/15] xfs backports for 5.10.y (from v5.15.103) Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230318101529.1361673-12-amir73il@gmail.com \
--to=amir73il@gmail.com \
--cc=brauner@kernel.org \
--cc=chandan.babu@oracle.com \
--cc=djwong@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=leah.rumancik@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).