Go to file
Pawel Jakub Dawidek 3e27b589cf Fix clearing set-uid and set-gid bits on a file when replying a write
POSIX requires that set-uid and set-gid bits to be removed when an
unprivileged user writes to a file and ZFS does that during normal
operation.

The problem arrises when the write is stored in the ZIL and replayed.
During replay we have no access to original credentials of the process
doing the write, so zfs_write() will be performed with the root
credentials. When root is doing the write set-uid and set-gid bits
are not removed from the file.

To correct that, log a separate TX_SETATTR entry that removed those bits
on first write to such file.

Idea from:	Christian Schwarz

Add test for ZIL replay of setuid/setgid clearing.

Improve various edge cases when clearing setid bits:
- The setid bits can be readded during a single write, so make sure to check
  for them on every chunk write.
- Log TX_SETATTR record at most once per transaction group (if the setid bits
  are keep coming back).
- Move zfs_log_setattr() outside of zp->z_acl_lock.

Reviewed-by: Dan McDonald <danmcd@joyent.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Co-authored-by: Christian Schwarz <me@cschwarz.com>
Signed-off-by: Pawel Jakub Dawidek <pawel@dawidek.net>
Closes #13027
2022-02-16 17:58:55 -08:00
.github libzfs: add keylocation=https://, backed by fetch(3) or libcurl 2022-02-16 17:58:37 -08:00
cmd Add enumerated vdev names to 'zpool iostat -v' and 'zpool list -v' 2022-02-16 17:58:55 -08:00
config libzfs: add keylocation=https://, backed by fetch(3) or libcurl 2022-02-16 17:58:37 -08:00
contrib contrib/initrd: systemd-ask-password --no-tty before argument 2022-02-16 17:58:55 -08:00
etc systemd: add weekly and monthly scrub timers 2022-02-10 11:04:35 -08:00
include libzfs: add keylocation=https://, backed by fetch(3) or libcurl 2022-02-16 17:58:37 -08:00
lib libzfs: add keylocation=https://, backed by fetch(3) or libcurl 2022-02-16 17:58:37 -08:00
man Clarify failmode=wait documentation 2022-02-16 17:58:55 -08:00
module Fix clearing set-uid and set-gid bits on a file when replying a write 2022-02-16 17:58:55 -08:00
rpm RPM: Add missing BuildRequires for PAM component 2022-02-16 17:58:55 -08:00
scripts Update checkstyle workflow env to ubuntu-20.04 2021-12-08 13:27:56 -08:00
tests Fix clearing set-uid and set-gid bits on a file when replying a write 2022-02-16 17:58:55 -08:00
udev Udev rules: use match (==) rather than assign (=) for PROGRAM 2021-09-14 12:23:10 -07:00
.editorconfig Add an .editorconfig; document git whitespace settings 2020-01-27 13:32:52 -08:00
.gitignore Add FreeBSD support to OpenZFS 2020-04-14 11:36:28 -07:00
.gitmodules .gitmodules: link to openzfs github repository 2021-04-14 13:23:08 -07:00
AUTHORS Add zstd support to zfs 2020-08-20 10:30:06 -07:00
autogen.sh Cause autogen.sh to fail if autoreconf fails 2018-07-06 09:27:37 -07:00
CODE_OF_CONDUCT.md Replace ZFS on Linux references with OpenZFS 2020-10-08 20:10:13 -07:00
configure.ac Fix lseek(SEEK_DATA/SEEK_HOLE) mmap consistency 2021-11-05 08:08:55 -07:00
copy-builtin copy-builtin: posix conformance 2021-05-10 12:18:54 -07:00
COPYRIGHT Fix typos 2020-06-09 21:24:09 -07:00
LICENSE Update build system and packaging 2018-05-29 16:00:33 -07:00
Makefile.am Upgrade to libabigail 2.0.0 2021-11-05 07:59:40 -07:00
META Tag zfs-2.1.2 2021-12-13 15:00:39 -08:00
NEWS Fix NEWS file 2020-08-26 21:44:41 -07:00
NOTICE Update build system and packaging 2018-05-29 16:00:33 -07:00
README.md README: Update OpenZFS website url 2022-02-16 17:58:55 -08:00
RELEASES.md Add RELEASES.md file 2021-04-07 13:26:58 -07:00
TEST Remove CI builder customization from TEST 2020-03-16 10:46:03 -07:00
zfs.release.in Move zfs.release generation to configure step 2012-07-12 12:22:51 -07:00

img

OpenZFS is an advanced file system and volume manager which was originally developed for Solaris and is now maintained by the OpenZFS community. This repository contains the code for running OpenZFS on Linux and FreeBSD.

codecov coverity

Official Resources

Installation

Full documentation for installing OpenZFS on your favorite operating system can be found at the Getting Started Page.

Contribute & Develop

We have a separate document with contribution guidelines.

We have a Code of Conduct.

Release

OpenZFS is released under a CDDL license. For more details see the NOTICE, LICENSE and COPYRIGHT files; UCRL-CODE-235197

Supported Kernels

  • The META file contains the officially recognized supported Linux kernel versions.
  • Supported FreeBSD versions are any supported branches and releases starting from 12.2-RELEASE.