From 0c12204145d43ad4683136379a130385ef16d166 Mon Sep 17 00:00:00 2001 From: bigbrotherwei <1965867461@qq.com> Date: Wed, 17 Jan 2024 23:58:27 +0800 Subject: [PATCH] Add processing for FUSE_CAP_HANDLE_KILLPRIV and disable it by default 'FUSE_CAP_HANDLE_KILLPRIV' is not enabled by default anymore, as that would be a sudden security issue introduced by a new ABI and API compatible libfuse version. --- include/fuse_common.h | 2 +- lib/fuse_lowlevel.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/fuse_common.h b/include/fuse_common.h index fedbaa9..bdbd7cb 100644 --- a/include/fuse_common.h +++ b/include/fuse_common.h @@ -363,7 +363,7 @@ struct fuse_loop_config_v1 { * setuid and setgid bits when a file is written, truncated, or * its owner is changed. * - * This feature is enabled by default when supported by the kernel. + * This feature is disabled by default. */ #define FUSE_CAP_HANDLE_KILLPRIV (1 << 20) diff --git a/lib/fuse_lowlevel.c b/lib/fuse_lowlevel.c index d8f5466..def1918 100644 --- a/lib/fuse_lowlevel.c +++ b/lib/fuse_lowlevel.c @@ -2054,7 +2054,6 @@ void do_init(fuse_req_t req, fuse_ino_t nodeid, const void *inarg) se->conn.want |= (cap) LL_SET_DEFAULT(1, FUSE_CAP_ASYNC_READ); LL_SET_DEFAULT(1, FUSE_CAP_AUTO_INVAL_DATA); - LL_SET_DEFAULT(1, FUSE_CAP_HANDLE_KILLPRIV); LL_SET_DEFAULT(1, FUSE_CAP_ASYNC_DIO); LL_SET_DEFAULT(1, FUSE_CAP_IOCTL_DIR); LL_SET_DEFAULT(1, FUSE_CAP_ATOMIC_O_TRUNC); @@ -2146,6 +2145,8 @@ void do_init(fuse_req_t req, fuse_ino_t nodeid, const void *inarg) outargflags |= FUSE_PARALLEL_DIROPS; if (se->conn.want & FUSE_CAP_POSIX_ACL) outargflags |= FUSE_POSIX_ACL; + if (se->conn.want & FUSE_CAP_HANDLE_KILLPRIV) + outargflags |= FUSE_HANDLE_KILLPRIV; if (se->conn.want & FUSE_CAP_CACHE_SYMLINKS) outargflags |= FUSE_CACHE_SYMLINKS; if (se->conn.want & FUSE_CAP_EXPLICIT_INVAL_DATA) -- 2.30.2