From: Patrick Donnelly <pdonnell@redhat.com>
Date: Wed, 16 Aug 2017 17:20:11 +0000 (-0700)
Subject: client: clear suid/sgid bits on non-zero write
X-Git-Tag: v12.2.1~42^2~2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=b9514d48471b40574a47ad433e3573674075e466;p=ceph.git

client: clear suid/sgid bits on non-zero write

According to [1], these bits should be cleared regardless of any exe bits on
the file. Also, add the required non-zero write check.

[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/pwrite.html

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
(cherry picked from commit 24c9de5d11d5d1145da96a2af52dd22d81e0c89d)
---

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 8bd28b3f257..c93bf524b5f 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -9018,8 +9018,7 @@ int Client::_write(Fh *f, int64_t offset, uint64_t size, const char *buf,
     return r;
 
   /* clear the setuid/setgid bits, if any */
-  if (unlikely((in->mode & S_ISUID) ||
-	       (in->mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) {
+  if (unlikely(in->mode & (S_ISUID|S_ISGID)) && size > 0) {
     struct ceph_statx stx = { 0 };
 
     put_cap_ref(in, CEPH_CAP_AUTH_SHARED);