On Wed, 5 Oct 2022 at 17:14, Christian Brauner <brauner@xxxxxxxxxx> wrote:
>
> Currently setgid stripping in file_remove_privs()'s should_remove_suid()
> helper is inconsistent with other parts of the vfs. Specifically, it only
> raises ATTR_KILL_SGID if the inode is S_ISGID and S_IXGRP but not if the
> inode isn't in the caller's groups and the caller isn't privileged over the
> inode although we require this already in setattr_prepare() and
> setattr_copy() and so all filesystem implement this requirement implicitly
> because they have to use setattr_{prepare,copy}() anyway.
Could the actual code (not just the logic) be shared between
should_remove_sgid() and setattr_copy()?
Maybe add another helper, or reformulate should_remove_sgid() so that
it can be used for both purposes.
Thanks,
Miklos
