On Thu, Oct 06, 2022 at 03:03:23PM +0200, Miklos Szeredi wrote:
> On Wed, 5 Oct 2022 at 17:14, Christian Brauner <brauner@xxxxxxxxxx> wrote:
> >
> > Currently setgid stripping in file_remove_privs()'s should_remove_suid()
> > helper is inconsistent with other parts of the vfs. Specifically, it only
> > raises ATTR_KILL_SGID if the inode is S_ISGID and S_IXGRP but not if the
> > inode isn't in the caller's groups and the caller isn't privileged over the
> > inode although we require this already in setattr_prepare() and
> > setattr_copy() and so all filesystem implement this requirement implicitly
> > because they have to use setattr_{prepare,copy}() anyway.
>
> Could the actual code (not just the logic) be shared between
> should_remove_sgid() and setattr_copy()?
>
> Maybe add another helper, or reformulate should_remove_sgid() so that
> it can be used for both purposes.
Yeah, thanks for pointing that out. I'm actually working on that.
