c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2025-01-26 09:54:22 +03:00
Code Issues Packages Projects Releases Wiki Activity
3d244b4881
mirror_zfs/module/zfs
History
Pawel Jakub Dawidek 3d244b4881
Fix clearing set-uid and set-gid bits on a file when replying a write 
POSIX requires that set-uid and set-gid bits to be removed when an
unprivileged user writes to a file and ZFS does that during normal
operation.

The problem arrises when the write is stored in the ZIL and replayed.
During replay we have no access to original credentials of the process
doing the write, so zfs_write() will be performed with the root
credentials. When root is doing the write set-uid and set-gid bits
are not removed from the file.

To correct that, log a separate TX_SETATTR entry that removed those bits
on first write to such file.

Idea from:	Christian Schwarz

Add test for ZIL replay of setuid/setgid clearing.

Improve various edge cases when clearing setid bits:
- The setid bits can be readded during a single write, so make sure to check
  for them on every chunk write.
- Log TX_SETATTR record at most once per transaction group (if the setid bits
  are keep coming back).
- Move zfs_log_setattr() outside of zp->z_acl_lock.

Reviewed-by: Dan McDonald <danmcd@joyent.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Co-authored-by: Christian Schwarz <me@cschwarz.com>
Signed-off-by: Pawel Jakub Dawidek <pawel@dawidek.net>
Closes #13027
2022-02-03 14:37:57 -08:00
..
abd.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
aggsum.c More aggsum optimizations 2021-06-07 09:02:47 -07:00
arc.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
blkptr.c Add zstd support to zfs 2020-08-20 10:30:06 -07:00
bplist.c Fast Clone Deletion 2019-07-26 10:54:14 -07:00
bpobj.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
bptree.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
bqueue.c Implement Redacted Send/Receive 2019-06-19 09:48:12 -07:00
btree.c Add --enable-asan and --enable-ubsan switches 2022-02-03 14:35:38 -08:00
dataset_kstats.c Introduce write-mostly sums 2021-05-27 14:27:29 -06:00
dbuf_stats.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
dbuf.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
ddt_zap.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
ddt.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
dmu_diff.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
dmu_object.c Introduce CPU_SEQID_UNSTABLE 2020-11-02 11:51:12 -08:00
dmu_objset.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
dmu_recv.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
dmu_redact.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
dmu_send.c Report dnodes with faulty bonuslen 2022-02-03 14:28:19 -08:00
dmu_traverse.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
dmu_tx.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
dmu_zfetch.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
dmu.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
dnode_sync.c Report dnodes with faulty bonuslen 2022-02-03 14:28:19 -08:00
dnode.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
dsl_bookmark.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
dsl_crypt.c Introduce a flag to skip comparing the local mac when raw sending 2022-01-21 11:41:17 -08:00
dsl_dataset.c Simplify resume token generation 2022-02-01 17:04:08 -08:00
dsl_deadlist.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
dsl_deleg.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
dsl_destroy.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
dsl_dir.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
dsl_pool.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
dsl_prop.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
dsl_scan.c Report dnodes with faulty bonuslen 2022-02-03 14:28:19 -08:00
dsl_synctask.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
dsl_userhold.c Replace sprintf()->snprintf() and strcpy()->strlcpy() 2020-06-07 11:42:12 -07:00
edonr_zfs.c Replace *CTASSERT() with _Static_assert() 2022-01-26 11:38:52 -08:00
fm.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
gzip.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
hkdf.c Encryption patch follow-up 2017-10-11 16:54:48 -04:00
lz4_zfs.c Updated the lz4 decompressor 2022-01-07 10:36:49 -08:00
lz4.c lz4: Cherrypick fix for CVE-2021-3520 2022-01-12 16:14:36 -08:00
lzjb.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
Makefile.in Updated the lz4 decompressor 2022-01-07 10:36:49 -08:00
metaslab.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
mmp.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
multilist.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
objlist.c Implement Redacted Send/Receive 2019-06-19 09:48:12 -07:00
pathname.c Replace ZFS on Linux references with OpenZFS 2020-10-08 20:10:13 -07:00
range_tree.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
refcount.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
rrwlock.c Rename refcount.h to zfs_refcount.h 2020-07-29 16:35:33 -07:00
sa.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
sha256.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
skein_zfs.c Add include files for prototypes 2020-06-18 12:21:25 -07:00
spa_boot.c Add include files for prototypes 2020-06-18 12:21:25 -07:00
spa_checkpoint.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
spa_config.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
spa_errlog.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
spa_history.c Annotated dprintf as printf-like 2021-06-22 21:53:45 -07:00
spa_log_spacemap.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
spa_misc.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
spa_stats.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
spa.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
space_map.c Annotated dprintf as printf-like 2021-06-22 21:53:45 -07:00
space_reftree.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
THIRDPARTYLICENSE.cityhash OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
THIRDPARTYLICENSE.cityhash.descrip OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
txg.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
uberblock.c MMP interval and fail_intervals in uberblock 2019-03-21 12:47:57 -07:00
unique.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
vdev_cache.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
vdev_draid_rand.c Distributed Spare (dRAID) Feature 2020-11-13 13:51:51 -08:00
vdev_draid.c Verify dRAID empty sectors 2022-01-04 16:46:32 -08:00
vdev_indirect_births.c module: zfs: vdev: shim out vdev_indirect_births_verify() 2021-12-23 09:42:29 -08:00
vdev_indirect_mapping.c module: zfs: vdev: shim out vdev_indirect_mapping_verify() 2021-12-23 09:42:41 -08:00
vdev_indirect.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
vdev_initialize.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
vdev_label.c Add const to nvlist functions to properly expose their real behavior 2021-12-06 18:19:13 -07:00
vdev_mirror.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
vdev_missing.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
vdev_queue.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
vdev_raidz_math_aarch64_neon_common.h FreeBSD: fix the build with Clang 11 2020-08-17 15:40:17 -07:00
vdev_raidz_math_aarch64_neon.c Linux 5.0 compat: SIMD compatibility 2019-07-12 09:31:20 -07:00
vdev_raidz_math_aarch64_neonx2.c Linux 5.0 compat: SIMD compatibility 2019-07-12 09:31:20 -07:00
vdev_raidz_math_avx2.c FreeBSD: fix the build with Clang 11 2020-08-17 15:40:17 -07:00
vdev_raidz_math_avx512bw.c Refactor ccompile.h to not include system headers 2020-07-25 20:09:50 -07:00
vdev_raidz_math_avx512f.c FreeBSD: fix the build with Clang 11 2020-08-17 15:40:17 -07:00
vdev_raidz_math_impl.h Distributed Spare (dRAID) Feature 2020-11-13 13:51:51 -08:00
vdev_raidz_math_powerpc_altivec_common.h FreeBSD: fix the build with Clang 11 2020-08-17 15:40:17 -07:00
vdev_raidz_math_powerpc_altivec.c Prefix zfs internal endian checks with _ZFS 2020-07-28 13:02:49 -07:00
vdev_raidz_math_scalar.c Use fallthrough macro 2021-09-14 10:17:54 -06:00
vdev_raidz_math_sse2.c FreeBSD: fix the build with Clang 11 2020-08-17 15:40:17 -07:00
vdev_raidz_math_ssse3.c Refactor ccompile.h to not include system headers 2020-07-25 20:09:50 -07:00
vdev_raidz_math.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
vdev_raidz.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
vdev_rebuild.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
vdev_removal.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
vdev_root.c Distributed Spare (dRAID) Feature 2020-11-13 13:51:51 -08:00
vdev_trim.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
vdev.c Add --enable-asan and --enable-ubsan switches 2022-02-03 14:35:38 -08:00
zap_leaf.c Refactor dnode dirty context from dbuf_dirty 2020-02-26 16:09:17 -08:00
zap_micro.c Annotated dprintf as printf-like 2021-06-22 21:53:45 -07:00
zap.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
zcp_get.c Simplify resume token generation 2022-02-01 17:04:08 -08:00
zcp_global.c OpenZFS 8600 - ZFS channel programs - snapshot 2018-02-08 15:29:24 -08:00
zcp_iter.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
zcp_set.c Support setting user properties in a channel program 2020-02-14 13:41:42 -08:00
zcp_synctask.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
zcp.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
zfeature.c Throw const on some strings 2020-10-02 17:44:10 -07:00
zfs_byteswap.c Mark functions as static 2020-06-18 12:20:38 -07:00
zfs_fm.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
zfs_fuid.c Add const to nvlist functions to properly expose their real behavior 2021-12-06 18:19:13 -07:00
zfs_ioctl.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
zfs_log.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
zfs_onexit.c file reference counts can get corrupted 2021-07-10 19:00:37 -06:00
zfs_quota.c File incorrectly zeroed when receiving incremental stream that toggles -L 2020-06-09 10:41:01 -07:00
zfs_ratelimit.c Change checksum & IO delay ratelimit values 2018-03-04 17:34:51 -08:00
zfs_replay.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
zfs_rlock.c Add a "try" operation for range locks 2020-07-06 11:53:31 -07:00
zfs_sa.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00
zfs_vnops.c Fix clearing set-uid and set-gid bits on a file when replying a write 2022-02-03 14:37:57 -08:00
zil.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
zio_checksum.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
zio_compress.c module: zfs: fix unused, remove argsused 2021-12-23 09:42:47 -08:00
zio_inject.c Optimize small random numbers generation 2021-06-22 17:35:23 -06:00
zio.c Clean up CSTYLEDs 2022-01-26 11:38:52 -08:00
zle.c Add include files for prototypes 2020-06-18 12:21:25 -07:00
zrlock.c Remove dead code 2020-06-18 12:21:18 -07:00
zthr.c Avoid memory allocations in the ARC eviction thread 2022-01-21 10:28:13 -08:00
zvol.c module/*.ko: prune .data, global .rodata 2022-01-14 15:37:55 -08:00