git-server-git.apps.pok.os.sepia.ceph.com Git

author	Kefu Chai <tchaikov@gmail.com>
	Sat, 5 Jul 2025 08:23:36 +0000 (16:23 +0800)
committer	Venky Shankar <vshankar@redhat.com>
	Mon, 21 Jul 2025 08:22:46 +0000 (13:52 +0530)
commit	e98061a9c0fb3c3b58950f5dd638476c2505b326
tree	6c206cd70dc1d935de99e7ed2f5d50ce8aad00fc	tree \| snapshot
parent	059833115fa228beaf0583bc7aaf424a80690d2a	commit \| diff

client: prohibit unprivileged users from setting sgid/suid bits

Prior to fb1b72d, unprivileged users could add mode bits as long as
S_ISUID and S_ISGID were not included in the change.

After fb1b72d, unprivileged users were allowed to modify S_ISUID and
S_ISGID bits only when no other mode bits were changed in the same
operation. This inadvertently permitted unprivileged users to set
S_ISUID and/or S_ISGID bits when they were the sole bits being modified.

This behavior should not be allowed. Unprivileged users should be
prohibited from setting S_ISUID and/or S_ISGID bits under any
circumstances.

This change tightens the permission check to prevent unprivileged
users from setting these privileged bits in all cases.

Signed-off-by: Kefu Chai <tchaikov@gmail.com>
(cherry picked from commit 7028ed21138522495df1e9f8b01195a3c43d47ff)

src/client/Client.cc		diff \| blob \| history
src/test/libcephfs/suidsgid.cc		diff \| blob \| history