From: Alan Somers
Date: Sat, 4 May 2019 02:11:28 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r347077 - in projects/fuse2: sys/fs/fuse tests/sys/fs/fusefs

Author: asomers
Date: Sat May 4 02:11:28 2019
New Revision: 347077
URL: https://svnweb.freebsd.org/changeset/base/347077

Log:
  fusefs: use effective gid, not real gid, for FUSE operations

  This is the gid used for stuff like setting the group of a newly created
  file.

  Reported by: pjdfstest
  Sponsored by: The FreeBSD Foundation

Modified:
  projects/fuse2/sys/fs/fuse/fuse_ipc.c
  projects/fuse2/tests/sys/fs/fusefs/allow_other.cc
  projects/fuse2/tests/sys/fs/fusefs/utils.cc
  projects/fuse2/tests/sys/fs/fusefs/utils.hh

Modified: projects/fuse2/sys/fs/fuse/fuse_ipc.c ============================================================================== --- projects/fuse2/sys/fs/fuse/fuse_ipc.c Sat May 4 02:10:47 2019 (r347076) +++ projects/fuse2/sys/fs/fuse/fuse_ipc.c Sat May 4 02:11:28 2019 (r347077) 
@@ -191,6 +191,7 @@ fuse_interrupt_send(struct fuse_ticket *otick, int err struct fuse_data *data = otick->tk_data; struct fuse_ticket *tick, *xtick; struct ucred reused_creds; + gid_t reused_groups[1]; if (otick->irq_unique == 0) { /* @@ -233,7 +234,8 @@ fuse_interrupt_send(struct fuse_ticket *otick, int err */ ftick_hdr = fticket_in_header(otick); reused_creds.cr_uid = ftick_hdr->uid; - reused_creds.cr_rgid = ftick_hdr->gid; + reused_groups[0] = ftick_hdr->gid; + reused_creds.cr_groups = reused_groups; fdisp_init(&fdi, sizeof(*fii)); fdisp_make_pid(&fdi, FUSE_INTERRUPT, data, ftick_hdr->nodeid, ftick_hdr->pid, &reused_creds); @@ -878,7 +880,7 @@ fuse_setup_ihead(struct fuse_in_header *ihead, struct ihead->pid = pid; ihead->uid = cred->cr_uid; - ihead->gid = cred->cr_rgid; + ihead->gid = cred->cr_groups[0]; } /* Modified: projects/fuse2/tests/sys/fs/fusefs/allow_other.cc ============================================================================== --- projects/fuse2/tests/sys/fs/fusefs/allow_other.cc Sat May 4 02:10:47 2019 (r347076) +++ projects/fuse2/tests/sys/fs/fusefs/allow_other.cc Sat May 4 02:11:28 2019 (r347077) 
@@ -98,6 +98,31 @@ TEST_F(AllowOther, allowed) ASSERT_EQ(0, WEXITSTATUS(status)); } +/* Check that fusefs uses the correct credentials for FUSE operations */ +TEST_F(AllowOther, creds) +{ + int status; + uid_t uid; + gid_t gid; + + get_unprivileged_id(&uid, &gid); + fork(true, &status, [=] { + EXPECT_CALL(*m_mock, process( ResultOf([=](auto in) { + return (in->header.opcode == FUSE_LOOKUP && + in->header.uid == uid && + in->header.gid == gid); + }, Eq(true)), + _) + ).Times(1) + .WillOnce(Invoke(ReturnErrno(ENOENT))); + }, []() { + eaccess(FULLPATH, F_OK); + return 0; + } + ); + ASSERT_EQ(0, WEXITSTATUS(status)); +} + /* * A variation of the Open.multiple_creds test showing how the bug can lead to a * privilege elevation. The first process is privileged and opens a file only Modified: projects/fuse2/tests/sys/fs/fusefs/utils.cc ============================================================================== --- projects/fuse2/tests/sys/fs/fusefs/utils.cc Sat May 4 02:10:47 2019 (r347076) +++ projects/fuse2/tests/sys/fs/fusefs/utils.cc Sat May 4 02:11:28 2019 (r347077) @@ -35,6 +35,7 @@ extern "C" { #include #include +#include #include #include #include @@ -317,10 +318,11 @@ void FuseTest::expect_write(uint64_t ino, uint64_t off }))); } -static void -get_unprivileged_uid(uid_t *uid) +void +get_unprivileged_id(uid_t *uid, gid_t *gid) { struct passwd *pw; + struct group *gr; /* * First try "tests", Kyua's default unprivileged user. XXX after @@ -333,7 +335,12 @@ get_unprivileged_uid(uid_t *uid) } if (pw == NULL) GTEST_SKIP() << "Test requires an unprivileged user"; + /* Use group "nobody", which is Kyua's default unprivileged group */ + gr = getgrnam("nobody"); + if (gr == NULL) + GTEST_SKIP() << "Test requires an unprivileged group"; *uid = pw->pw_uid; + *gid = gr->gr_gid; } void 
@@ -346,9 +353,10 @@ FuseTest::fork(bool drop_privs, int *child_status, int mflags = MAP_ANON | MAP_SHARED; pid_t child; uid_t uid; + gid_t gid; if (drop_privs) { - get_unprivileged_uid(&uid); + get_unprivileged_id(&uid, &gid); if (IsSkipped()) return; } @@ -367,6 +375,11 @@ FuseTest::fork(bool drop_privs, int *child_status, goto out; } + if (drop_privs && 0 != setegid(gid)) { + perror("setegid"); + err = 1; + goto out; + } if (drop_privs && 0 != setreuid(-1, uid)) { perror("setreuid"); err = 1; Modified: projects/fuse2/tests/sys/fs/fusefs/utils.hh ============================================================================== --- projects/fuse2/tests/sys/fs/fusefs/utils.hh Sat May 4 02:10:47 2019 (r347076) +++ projects/fuse2/tests/sys/fs/fusefs/utils.hh Sat May 4 02:11:28 2019 (r347077) @@ -37,6 +37,8 @@ #define FUSE_WRITE_CACHE 1 #endif +void get_unprivileged_id(uid_t *uid, gid_t *gid); + class FuseTest : public ::testing::Test { protected: uint32_t m_maxreadahead;
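
Review bot: In fuse_interrupt_send() in fuse_ipc.c, reused_creds is a stack struct ucred whose cr_groups now points at the one-element reused_groups array, but cr_ngroups is never set in the lines shown, so this credential is only safe for code that reads cr_uid and cr_groups[0] and nothing else. That holds for fuse_setup_ihead() as changed in the same file, but it is fragile. Suggest also setting reused_creds.cr_ngroups = 1, or extending the comment above the assignments to say that only those two fields may be read from this partial credential.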
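
Review bot: In fuse_setup_ihead() in fuse_ipc.c, the new assignment ihead->gid = cred->cr_groups[0] depends on the first entry of the group array being the effective gid, which the commit message states but the code does not. A one-line comment on that assignment would keep a later reader from taking it for an arbitrary supplementary group, and would also explain why fuse_interrupt_send() stores the saved gid in reused_groups[0].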
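
Review bot: In TEST_F(AllowOther, creds) in allow_other.cc, the call to get_unprivileged_id(&uid, &gid) is not followed by an IsSkipped() check, unlike the same call in FuseTest::fork(). When the user or group lookup fails, GTEST_SKIP() returns only from the helper, so the test goes on to copy uninitialized uid and gid into the [=] lambda and then asserts on a status that fork() returned without writing. Suggest adding "if (IsSkipped()) return;" right after the call. Separately, the child discards the result of eaccess(FULLPATH, F_OK); checking for -1 with errno ENOENT would tie the child's exit status to the mocked reply.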
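
Review bot: In get_unprivileged_id() in utils.cc, the gid comes from a hard-coded getgrnam("nobody") lookup rather than from the passwd entry already fetched, so the returned uid and gid need not belong to the same account. If that is intended, the new comment should say why pw->pw_gid is not used. Now that the function is exported through utils.hh, its comment should also state that callers must test IsSkipped() afterwards, since *uid and *gid are left unset on both skip paths.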
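
Review bot: In FuseTest::fork() in utils.cc, the drop_privs path changes only the effective gid with setegid(gid) and only the effective uid with setreuid(-1, uid); the parent's real ids and supplementary group list are kept. That is what lets the new creds test tell effective gid from real gid, but a flag named drop_privs reads as a full drop, so a comment stating that the real ids and supplementary groups are deliberately retained would help. The ordering, setegid() before setreuid(), is right and worth a word in that comment, since once the effective uid is unprivileged the gid change would be refused.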