Commit ebc14c4d authored by Miklos Szeredi's avatar Miklos Szeredi Committed by Linus Torvalds
Browse files

fuse: fix permission checking on sticky directories 



The VFS checks sticky bits on the parent directory even if the filesystem
defines it's own ->permission().  In some situations (sshfs, mountlo, etc) the
user does have permission to delete a file even if the attribute based
checking would not allow it.

So work around this by storing the permission bits separately and returning
them in stat(), but cutting the permission bits off from inode->i_mode.

This is slightly hackish, but it's probably not worth it to add new
infrastructure in VFS and a slight performance penalty for all filesystems,
just for the sake of fuse.

[Jan Engelhardt] cosmetic fixes
Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
Cc: Jan Engelhardt <jengelh@linux01.gwdg.de>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 244f6385

fs/fuse/dir.c

+3 −1
Original line number Diff line number Diff line
@@ -1054,8 +1054,10 @@ static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry, 
	if (fi->i_time < get_jiffies_64())

		err = fuse_do_getattr(inode);



	if (!err)

	if (!err) {

		generic_fillattr(inode, stat);

		stat->mode = fi->orig_i_mode;

	}



	return err;

}

fs/fuse/fuse_i.h

+4 −0
Original line number Diff line number Diff line
@@ -63,6 +63,10 @@ struct fuse_inode { 


	/** Time in jiffies until the file attributes are valid */

	u64 i_time;



	/** The sticky bit in inode->i_mode may have been removed, so

	    preserve the original mode */

	mode_t orig_i_mode;

};



/** FUSE specific file data */

fs/fuse/inode.c

+11 −1
Original line number Diff line number Diff line
@@ -120,10 +120,11 @@ static void fuse_truncate(struct address_space *mapping, loff_t offset) 
void fuse_change_attributes(struct inode *inode, struct fuse_attr *attr)

{

	struct fuse_conn *fc = get_fuse_conn(inode);

	struct fuse_inode *fi = get_fuse_inode(inode);

	loff_t oldsize;



	inode->i_ino     = attr->ino;

	inode->i_mode    = (inode->i_mode & S_IFMT) + (attr->mode & 07777);

	inode->i_mode    = (inode->i_mode & S_IFMT) | (attr->mode & 07777);

	inode->i_nlink   = attr->nlink;

	inode->i_uid     = attr->uid;

	inode->i_gid     = attr->gid;
@@ -135,6 +136,15 @@ void fuse_change_attributes(struct inode *inode, struct fuse_attr *attr) 
	inode->i_ctime.tv_sec   = attr->ctime;

	inode->i_ctime.tv_nsec  = attr->ctimensec;



	/*

	 * Don't set the sticky bit in i_mode, unless we want the VFS

	 * to check permissions.  This prevents failures due to the

	 * check in may_delete().

	 */

	fi->orig_i_mode = inode->i_mode;

	if (!(fc->flags & FUSE_DEFAULT_PERMISSIONS))

		inode->i_mode &= ~S_ISVTX;



	spin_lock(&fc->lock);

	oldsize = inode->i_size;

	i_size_write(inode, attr->size);

CRA Git | Maintained and supported by SUSTech CRA and CCSE