zfs/module
Pawel Jakub Dawidek 3d244b4881
Fix clearing set-uid and set-gid bits on a file when replying a write
POSIX requires that set-uid and set-gid bits be removed when an
unprivileged user writes to a file and ZFS does that during normal
operation.

The problem arises when the write is stored in the ZIL and replayed.
During replay we have no access to original credentials of the process
doing the write, so zfs_write() will be performed with the root
credentials. When root is doing the write set-uid and set-gid bits
are not removed from the file.

To correct that, log a separate TX_SETATTR entry that removes those bits
on first write to such file.

Idea from:	Christian Schwarz

Add test for ZIL replay of setuid/setgid clearing.

Improve various edge cases when clearing setid bits:
- The setid bits can be readded during a single write, so make sure to check
  for them on every chunk write.
- Log TX_SETATTR record at most once per transaction group (if the setid bits
  keep coming back).
- Move zfs_log_setattr() outside of zp->z_acl_lock.

Reviewed-by: Dan McDonald <danmcd@joyent.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Co-authored-by: Christian Schwarz <me@cschwarz.com>
Signed-off-by: Pawel Jakub Dawidek <pawel@dawidek.net>
Closes #13027
2022-02-03 14:37:57 -08:00
..
avl Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
icp Add `--enable-asan` and `--enable-ubsan` switches 2022-02-03 14:35:38 -08:00
lua Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
nvpair module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
os Replace *CTASSERT() with _Static_assert() 2022-01-26 11:38:52 -08:00
spl Cleanup linux module kbuild files 2020-06-10 09:24:15 -07:00
unicode module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
zcommon Add `--enable-asan` and `--enable-ubsan` switches 2022-02-03 14:35:38 -08:00
zfs Fix clearing set-uid and set-gid bits on a file when replying a write 2022-02-03 14:37:57 -08:00
zstd Add `--enable-asan` and `--enable-ubsan` switches 2022-02-03 14:35:38 -08:00
.gitignore Cleanup linux module kbuild files 2020-06-10 09:24:15 -07:00
Kbuild.in Add zstd support to zfs 2020-08-20 10:30:06 -07:00
Makefile.bsd Updated the lz4 decompressor 2022-01-07 10:36:49 -08:00
Makefile.in module: Makefile: simplify clean and install jobs 2022-01-26 11:29:23 -08:00