From: Cole Robinson
Date: Wed, 9 Mar 2016 12:20:37 -0500
Subject: [PATCH] util: virfile: Only setuid for virFileRemove if on NFS

NFS with root-squash is the only reason we need to do setuid/setgid crazyness in virFileRemove, so limit that behavior to the NFS case.

(cherry picked from commit adefc561cc4c6a007529769c3df286f2ed461684)
---
 src/util/virfile.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/util/virfile.c b/src/util/virfile.c
index a913903..0bba850 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -2315,6 +2315,7 @@ virFileOpenAs(const char *path, int openflags, mode_t mode,


 /* virFileRemoveNeedsSetuid:
+ * @path: file we plan to remove
 * @uid: file uid to check
 * @gid: file gid to check
 *
@@ -2322,7 +2323,7 @@ virFileOpenAs(const char *path, int openflags, mode_t mode,
 * owned by the passed uid/gid pair. Needed for NFS with root-squash
 */
 static bool
-virFileRemoveNeedsSetuid(uid_t uid, gid_t gid)
+virFileRemoveNeedsSetuid(const char *path, uid_t uid, gid_t gid)
 {
 /* If running unprivileged, setuid isn't going to work */
 if (geteuid() != 0)
@@ -2336,6 +2337,12 @@ virFileRemoveNeedsSetuid(uid_t uid, gid_t gid)
 if (uid == geteuid() && gid == getegid())
 return false;

+ /* Only perform the setuid stuff for NFS, which is the only case
+ that may actually need it. This can error, but just be safe and
+ only check for a clear negative result. */
+ if (virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS) == 0)
+ return false;
+
 return true;
 }

@@ -2361,7 +2368,7 @@ virFileRemove(const char *path,
 gid_t *groups;
 int ngroups;

- if (!virFileRemoveNeedsSetuid(uid, gid)) {
+ if (!virFileRemoveNeedsSetuid(path, uid, gid)) {
 if (virFileIsDir(path))
 return rmdir(path);
 else
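Review bot: The added early return in virFileRemoveNeedsSetuid makes a root caller remove every path that is clearly not on NFS with full root privileges, even when @uid/@gid name a different owner; the last hunk shows virFileRemove going straight to `rmdir(path)` (and an `else` branch that continues past the hunk) in that case. The filesystem type is decided from `path` and the removal then resolves the same path again, so the decision only holds if nobody less privileged can rearrange the parent directories in between, which is not visible here and should be confirmed for each caller. I would state that assumption beside the check, e.g. `/* Non-NFS paths are removed as root: callers must not pass a path under a directory an untrusted user can modify. */`. Treating an error result as "may be NFS" keeps the older setuid path and looks like the conservative choice. The function body starts before this hunk.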