client: clear suid/sgid bits on non-zero write

According to [1], these bits should be cleared regardless of any exe bits on
the file. Also, add the required non-zero write check.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/pwrite.html

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 57081a9e4455de46f558df87ea708dcc39ff2ba1..eb62132a17164a9858860158f99b1ac9830e1aeb 100644 (file)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -9018,8 +9018,7 @@ int Client::_write(Fh *f, int64_t offset, uint64_t size, const char *buf,
     return r;
 
   /* clear the setuid/setgid bits, if any */
-  if (unlikely((in->mode & S_ISUID) ||
-              (in->mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) {
+  if (unlikely(in->mode & (S_ISUID|S_ISGID)) && size > 0) {
     struct ceph_statx stx = { 0 };
 
     put_cap_ref(in, CEPH_CAP_AUTH_SHARED);