OpenAFS Master Repository branch, master, updated. BP-openafs-stable-1_8_x-545-g57b4f4f
Gerrit Code Review
gerrit@openafs.org
Fri, 13 Mar 2020 15:30:10 -0400
The following commit has been merged in the master branch:
commit 57b4f4f9be1e25d5609301c10f717aff32aef676
Author: Andrew Deason <adeason@sinenomine.net>
Date: Fri Mar 13 13:00:35 2020 -0500
LINUX: Properly revert creds in osi_UFSTruncate
Commit cd3221d3 (Linux: use override_creds when available) caused us
to force the current process's creds to the creds of afsd during
osi_file.c file ops, to avoid access errors in some cases.
However, in osi_UFSTruncate, one code path was missed to revert our
creds back to the original user's creds: when the afs_osi_Stat call
fails or deems the truncate unnecessary. In this case, the calling
process keeps the creds for afsd after osi_UFSTruncate returns,
causing our subsequent access-checking code to think that the current
process is in the same context as afsd (typically uid 0 without a
pag).
This can cause the calling process to appear to transiently have the
same access as non-pag uid 0; typically this will be unauthenticated
access, but could be authenticated if uid 0 has tokens.
To fix this, modify the early return in osi_UFSTruncate to go through
a 'goto done' destructor instead, and make sure we revert our creds in
that destructor.
Thanks to cwills@sinenomine.net for finding and helping reproduce the
issue.
Change-Id: I6820af675edcb7aa00542ba40fc52430d68c05e8
Reviewed-on: https://gerrit.openafs.org/14098
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Jeffrey Hutzelman <jhutz@cmu.edu>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: Cheyenne Wills <cwills@sinenomine.net>
src/afs/LINUX/osi_file.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
--
OpenAFS Master Repository