Even kernel doesn't get ATTR_KILL_SGID mask and get ATTR_KILL_SUID mask, we still can strip S_ISGID mode in setattr_prepare and setattr_copy. We should check separate sgid stripping logic whether works well on different filesystems. Also fix comments error. Signed-off-by: Yang Xu <xuyang2018.jy@xxxxxxxxxxx> --- tests/generic/673 | 31 ++++++++++++++++++++++++------- tests/generic/673.out | 18 ++++++++++++++++++ 2 files changed, 42 insertions(+), 7 deletions(-) diff --git a/tests/generic/673 b/tests/generic/673 index 0377c5f6..572abb7b 100755 --- a/tests/generic/673 +++ b/tests/generic/673 @@ -53,8 +53,7 @@ commit_and_check() { echo } -# Commit to a non-exec file by an unprivileged user clears suid but leaves -# sgid. +# Commit to a non-exec file by an unprivileged user clears suid and sgid echo "Test 1 - qa_user, non-exec file" setup_testfile chmod a+rws $SCRATCH_MNT/a @@ -66,7 +65,7 @@ setup_testfile chmod g+x,a+rws $SCRATCH_MNT/a commit_and_check "$qa_user" -# Commit to a user-exec file by an unprivileged user clears suid but not sgid. +# Commit to a user-exec file by an unprivileged user clears suid and sgid. echo "Test 3 - qa_user, user-exec file" setup_testfile chmod u+x,a+rws,g-x $SCRATCH_MNT/a 
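Review bot: The rewritten comments for Test 1 and Test 3 say sgid is cleared on files without group-exec, but they do not say why, and the new Test 9 in the next hunk keeps sgid on a non-exec file. Going by the commit description, the difference appears to be that the suid kill leads into setattr_prepare/setattr_copy, which then also drop S_ISGID. A short addition would make that explicit, for example `# (sgid is dropped as a side effect of the suid kill; compare Test 9)`. The Test 1 comment also lost its trailing period, unlike the other rewritten comments. The expected output for Tests 1 and 3 is not part of this diff, so it is worth confirming that 673.out already matches the new wording.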
@@ -78,30 +77,48 @@ setup_testfile chmod a+rwxs $SCRATCH_MNT/a commit_and_check "$qa_user" -# Commit to a non-exec file by root clears suid but leaves sgid. +# Commit to a non-exec file by root leaves suid and sgid. echo "Test 5 - root, non-exec file" setup_testfile chmod a+rws $SCRATCH_MNT/a commit_and_check -# Commit to a group-exec file by root clears suid and sgid. +# Commit to a group-exec file by root leaves suid and sgid. echo "Test 6 - root, group-exec file" setup_testfile chmod g+x,a+rws $SCRATCH_MNT/a commit_and_check -# Commit to a user-exec file by root clears suid but not sgid. +# Commit to a user-exec file by root leaves suid and sgid. echo "Test 7 - root, user-exec file" setup_testfile chmod u+x,a+rws,g-x $SCRATCH_MNT/a commit_and_check -# Commit to a all-exec file by root clears suid and sgid. +# Commit to a all-exec file by root leaves suid and sgid. echo "Test 8 - root, all-exec file" setup_testfile chmod a+rwxs $SCRATCH_MNT/a commit_and_check +#Commit to a non-exec file by unprivileged user leaves sgid. +echo "Test 9 - qa_user, non-exec file, only sgid" +setup_testfile +chmod a+rw,g+rws $SCRATCH_MNT/a +commit_and_check "$qa_user" + +#Commit to a non-exec file by unprivileged user clears sgid +echo "Test 10 - qa_user, group-exec file, only sgid" +setup_testfile +chmod a+rw,g+rwxs $SCRATCH_MNT/a +commit_and_check "$qa_user" + +#Commit to a non-exec file by unprivileged user clears sgid. +echo "Test 11 - qa_user, all-exec file, only sgid" +setup_testfile +chmod a+rwx,g+rwxs $SCRATCH_MNT/a +commit_and_check "$qa_user" + # success, all done status=0 exit diff --git a/tests/generic/673.out b/tests/generic/673.out index 4d18bca2..767251f2 100644 --- a/tests/generic/673.out +++ b/tests/generic/673.out 
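Review bot: The comments on Tests 10 and 11 look copied from Test 9: both still say "non-exec file", although their echo lines and chmod modes (`g+rwxs` and `a+rwx,g+rwxs`) make them the group-exec and all-exec cases. I would write `# Commit to a group-exec file by an unprivileged user clears sgid.` and `# Commit to an all-exec file by an unprivileged user clears sgid.`, and add the space after `#` on all three new comments to match the rest of the file. The sgid-only series also has no user-exec case (`u+x`, `g-x`), which Tests 1-4 and 5-8 both include. If sgid is expected to survive there as it does in Test 9, a fourth test would pin that boundary of the stripping logic.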
@@ -47,3 +47,21 @@ Test 8 - root, all-exec file 3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a 6777 -rwsrwsrwx SCRATCH_MNT/a +Test 9 - qa_user, non-exec file, only sgid +310f146ce52077fcd3308dcbe7632bb2 SCRATCH_MNT/a +2666 -rw-rwSrw- SCRATCH_MNT/a +3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a +2666 -rw-rwSrw- SCRATCH_MNT/a + +Test 10 - qa_user, group-exec file, only sgid +310f146ce52077fcd3308dcbe7632bb2 SCRATCH_MNT/a +2676 -rw-rwsrw- SCRATCH_MNT/a +3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a +676 -rw-rwxrw- SCRATCH_MNT/a + +Test 11 - qa_user, all-exec file, only sgid +310f146ce52077fcd3308dcbe7632bb2 SCRATCH_MNT/a +2777 -rwxrwsrwx SCRATCH_MNT/a +3784de23efab7a2074c9ec66901e39e5 SCRATCH_MNT/a +777 -rwxrwxrwx SCRATCH_MNT/a + -- 2.27.0