client: clear suid/sgid bits on non-zero write

According to [1], these bits should be cleared regardless of any exe bits on
the file. Also, add the required non-zero write check.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/pwrite.html

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit 24c9de5d11d5d1145da96a2af52dd22d81e0c89d)

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 8bd28b3f2573f2fb2302efb236ba075dcd8a5c82..c93bf524b5f706d87b5c2f1072ab3814e5206ee6 100644 (file)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -9018,8 +9018,7 @@ int Client::_write(Fh *f, int64_t offset, uint64_t size, const char *buf,
     return r;
 
   /* clear the setuid/setgid bits, if any */
-  if (unlikely((in->mode & S_ISUID) ||
-              (in->mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) {
+  if (unlikely(in->mode & (S_ISUID|S_ISGID)) && size > 0) {
     struct ceph_statx stx = { 0 };
 
     put_cap_ref(in, CEPH_CAP_AUTH_SHARED);