fuse: fix killing s[ug]id in setattr

[cascardo/linux.git] / fs / fuse / dir.c

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index 3d3afa7..b7a690e 100644 (file)
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1703,16 +1703,40 @@ error:
 static int fuse_setattr(struct dentry *entry, struct iattr *attr)
 {
        struct inode *inode = d_inode(entry);
+       struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
        int ret;
 
        if (!fuse_allow_current_process(get_fuse_conn(inode)))
                return -EACCES;
 
-       if (attr->ia_valid & ATTR_FILE)
-               ret = fuse_do_setattr(inode, attr, attr->ia_file);
-       else
-               ret = fuse_do_setattr(inode, attr, NULL);
+       if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
+               int kill;
+
+               attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
+                                   ATTR_MODE);
+               /*
+                * ia_mode calculation may have used stale i_mode.  Refresh and
+                * recalculate.
+                */
+               ret = fuse_do_getattr(inode, NULL, file);
+               if (ret)
+                       return ret;
+
+               attr->ia_mode = inode->i_mode;
+               kill = should_remove_suid(entry);
+               if (kill & ATTR_KILL_SUID) {
+                       attr->ia_valid |= ATTR_MODE;
+                       attr->ia_mode &= ~S_ISUID;
+               }
+               if (kill & ATTR_KILL_SGID) {
+                       attr->ia_valid |= ATTR_MODE;
+                       attr->ia_mode &= ~S_ISGID;
+               }
+       }
+       if (!attr->ia_valid)
+               return 0;
 
+       ret = fuse_do_setattr(inode, attr, file);
        if (!ret) {
                /* Directory mode changed, may need to revalidate access */
                if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))