[PATCH] client: prohibit unprivileged users from setting sgid/suid bits
author Kefu Chai <tchaikov@gmail.com>
Sat, 5 Jul 2025 08:23:36 +0000 (16:23 +0800)
committer Chris Lamb <lamby@debian.org>
Fri, 6 Feb 2026 19:24:31 +0000 (11:24 -0800)
commit ede5eb4a8adfa9a54341277cca64cedfbb99c418
tree 3e4c8ffa973d8c0c3dd8dbc543431ecc3ab2ade4
parent ad152b4e99956c5dcdb0cfa4f52e7a8a0e1564b3
[PATCH] client: prohibit unprivileged users from setting sgid/suid bits

Prior to fb1b72d, unprivileged users could add mode bits as long as
S_ISUID and S_ISGID were not included in the change.

After fb1b72d, unprivileged users were allowed to modify S_ISUID and
S_ISGID bits only when no other mode bits were changed in the same
operation. This inadvertently permitted unprivileged users to set
S_ISUID and/or S_ISGID bits when they were the sole bits being modified.

This behavior should not be allowed. Unprivileged users should be
prohibited from setting S_ISUID and/or S_ISGID bits under any
circumstances.

This change tightens the permission check to prevent unprivileged
users from setting these privileged bits in all cases.

Signed-off-by: Kefu Chai <tchaikov@gmail.com>
origin: backport, https://github.com/ceph/ceph/commit/7028ed21138522495df1e9f8b01195a3c43d47ff
bug-debian: https://bugs.debian.org/1109470
bug: https://github.com/ceph/ceph/pull/64356

Gbp-Pq: Name CVE-2025-52555-2.patch
src/client/Client.cc
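
The two rules the commit message contrasts, as an added illustration that is not the patch to src/client/Client.cc and not Ceph code. The function names, the sample table and the reading of "setting" as turning on a bit that was off are assumptions; only the S_ISUID/S_ISGID decision for an unprivileged caller is modelled.

```cpp
#include <sys/stat.h>
#include <cstdio>

// Illustrative model only; not the code in src/client/Client.cc.
// Both functions answer: may an unprivileged caller change old_mode to new_mode,
// as far as S_ISUID/S_ISGID are concerned? Other permission checks are out of scope.
constexpr mode_t kPrivBits = S_ISUID | S_ISGID;

// Rule the commit message describes after fb1b72d: S_ISUID/S_ISGID may be
// modified as long as they are the only bits that differ.
bool allowed_after_fb1b72d(mode_t old_mode, mode_t new_mode) {
  mode_t changed = (old_mode ^ new_mode) & 07777;
  if ((changed & kPrivBits) == 0) return true;   // request does not touch them
  return (changed & ~kPrivBits) == 0;            // sole bits modified -> allowed
}

// Tightened rule: never let the request turn on S_ISUID or S_ISGID.
// Assumption: "setting" means a bit that is off in old_mode and on in new_mode.
bool allowed_after_fix(mode_t old_mode, mode_t new_mode) {
  mode_t newly_set = new_mode & ~old_mode & kPrivBits;
  return newly_set == 0;
}

struct Transition { mode_t old_mode, new_mode; };

// Constructed sample requests.
const Transition kSamples[] = {
  {0755, 04755},   // add setuid only
  {0755, 02755},   // add setgid only
  {0755, 06777},   // add both plus write bits
  {04755, 0755},   // clear setuid
  {0644, 0600},    // ordinary permission change
};

// Number of samples the earlier rule accepts but the tightened rule rejects.
int count_closed_by_fix() {
  int n = 0;
  for (const Transition& t : kSamples)
    if (allowed_after_fb1b72d(t.old_mode, t.new_mode) &&
        !allowed_after_fix(t.old_mode, t.new_mode)) ++n;
  return n;
}

int main() {
  for (const Transition& t : kSamples)
    std::printf("%04o -> %04o  after fb1b72d: %d  after fix: %d\n",
                (unsigned)t.old_mode, (unsigned)t.new_mode,
                allowed_after_fb1b72d(t.old_mode, t.new_mode),
                allowed_after_fix(t.old_mode, t.new_mode));
  return 0;
}
```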