github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-11-25 15:33:33 +00:00
Code Issues Projects Releases Wiki Activity

Fix creation of subpath with SUID/SGID directories.

Browse Source 
SafeMakeDir() should apply SUID/SGID/sticky bits to the directory it creates.
This commit is contained in:
Jan Safranek
2018-03-16 16:58:47 +01:00
parent ca06cc43f7
commit e55164c42d
2 changed files with 65 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/util/mount/mount_linux.go
View File

@@ -1032,7 +1032,19 @@ func doSafeMakeDir(pathname string, base string, perm os.FileMode) error {
// so user can read/write it. This is the behavior of previous code.
// TODO: chmod all created directories, not just the last one.
// parentFD is the last created directory.
if err = syscall.Fchmod(parentFD, uint32(perm)&uint32(os.ModePerm)); err != nil {
// Translate perm (os.FileMode) to uint32 that fchmod() expects
kernelPerm := uint32(perm & os.ModePerm)
if perm&os.ModeSetgid > 0 {
kernelPerm |= syscall.S_ISGID
}
if perm&os.ModeSetuid > 0 {
kernelPerm |= syscall.S_ISUID
}
if perm&os.ModeSticky > 0 {
kernelPerm |= syscall.S_ISVTX
}
if err = syscall.Fchmod(parentFD, kernelPerm); err != nil {
return fmt.Errorf("chmod %q failed: %s", currentPath, err)
}
return nil