Correctly use setgid/setuid with allow_other

- use these functions in the correct order;
- correctly check their return codes.
This helps to correct #398.
Ben RUBSON 2017-10-01 21:44:17 +02:00 committed by GitHub
parent f5d37d2c65
commit e0f10e2517
3 changed files with 23 additions and 15 deletions


@ -501,11 +501,21 @@ int DirNode::mkdir(const char *plaintextPath, mode_t mode, uid_t uid,
// if uid or gid are set, then that should be the directory owner // if uid or gid are set, then that should be the directory owner
int olduid = -1; int olduid = -1;
int oldgid = -1; int oldgid = -1;
if (uid != 0) {
olduid = setfsuid(uid);
}
if (gid != 0) { if (gid != 0) {
oldgid = setfsgid(gid); oldgid = setfsgid(gid);
if (oldgid == -1) {
int eno = errno;
RLOG(DEBUG) << "setfsgid error: " << strerror(eno);
return -EPERM;
}
}
if (uid != 0) {
olduid = setfsuid(uid);
if (olduid == -1) {
int eno = errno;
RLOG(DEBUG) << "setfsuid error: " << strerror(eno);
return -EPERM;
}
} }
int res = ::mkdir(cyName.c_str(), mode); int res = ::mkdir(cyName.c_str(), mode);
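Review bot: The new `setfsuid` failure branch returns `-EPERM` after `setfsgid(gid)` has already succeeded, so the filesystem gid stays switched to `gid` on that exit path. If this thread goes on to serve other requests, they would run with a group identity that nothing restores; adding `if (oldgid >= 0) setfsgid(oldgid);` just before that `return -EPERM;` undoes the half-applied switch. The second hunk of `FileNode::mknod` has the same early return. The function's normal restore code is outside this hunk, so the guard it uses for `oldgid` should be matched there.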


@ -154,14 +154,6 @@ int FileNode::mknod(mode_t mode, dev_t rdev, uid_t uid, gid_t gid) {
int res; int res;
int olduid = -1; int olduid = -1;
int oldgid = -1; int oldgid = -1;
if (uid != 0) {
olduid = setfsuid(uid);
if (olduid == -1) {
int eno = errno;
RLOG(DEBUG) << "setfsuid error: " << strerror(eno);
return -EPERM;
}
}
if (gid != 0) { if (gid != 0) {
oldgid = setfsgid(gid); oldgid = setfsgid(gid);
if (oldgid == -1) { if (oldgid == -1) {
@ -170,6 +162,14 @@ int FileNode::mknod(mode_t mode, dev_t rdev, uid_t uid, gid_t gid) {
return -EPERM; return -EPERM;
} }
} }
if (uid != 0) {
olduid = setfsuid(uid);
if (olduid == -1) {
int eno = errno;
RLOG(DEBUG) << "setfsuid error: " << strerror(eno);
return -EPERM;
}
}
/* /*
* cf. xmp_mknod() in fusexmp.c * cf. xmp_mknod() in fusexmp.c
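Review bot: The `olduid == -1` and `oldgid == -1` checks only detect a failure when `setfsuid`/`setfsgid` resolve to the `seteuid`/`setegid` wrappers changed later in this commit. The native Linux `setfsuid(2)` and `setfsgid(2)` return the previous ID on both success and failure, so on a build that uses them a rejected switch would go unnoticed and `mknod` would create the node under the daemon's own identity. Which implementation is selected is decided outside the visible lines; if the native calls can be in use, that path needs a read-back check (a second call with `-1` returns the current value without changing it) compared against `uid`/`gid`. The body of `FileNode::mknod` continues past this hunk.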


@ -41,8 +41,7 @@ static __inline int setfsuid(uid_t uid) {
uid_t olduid = geteuid(); uid_t olduid = geteuid();
if (seteuid(uid) != 0) { if (seteuid(uid) != 0) {
int eno = errno; return -1;
VLOG(1) << "seteuid error: " << strerror(eno);
} }
return olduid; return olduid;
@ -52,8 +51,7 @@ static __inline int setfsgid(gid_t gid) {
gid_t oldgid = getegid(); gid_t oldgid = getegid();
if (setegid(gid) != 0) { if (setegid(gid) != 0) {
int eno = errno; return -1;
VLOG(1) << "setfsgid error: " << strerror(eno);
} }
return oldgid; return oldgid;
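Review bot: After this change the two wrappers report failure as `-1`, but nothing at the definitions says so, and both callers now depend on that value and on `errno` still holding the `seteuid`/`setegid` error. A comment above each would pin the contract, e.g. `// Returns the previous effective uid, or -1 on failure with errno set by seteuid().` and the matching line for `setfsgid`. The return type is `int` while `olduid`/`oldgid` are `uid_t`/`gid_t`, so a previous ID of `(uid_t)-1` would be indistinguishable from the error value; that is worth stating in the same comment. Both function bodies close outside the hunks shown.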