Bug 783525

Summary: Prevent users from removing (not modifying) internal xattrs
Product: [Community] GlusterFS Reporter: Jeff Darcy <jdarcy>
Component: coreAssignee: Vivek Agarwal <vagarwal>
Status: CLOSED CURRENTRELEASE QA Contact: Raghavendra Bhat <rabhat>
Severity: medium Docs Contact:
Priority: high    
Version: mainlineCC: amarts, gluster-bugs, sankarshan
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: glusterfs-3.4.0 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-24 17:56:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: glusterfs-3.3.0qa43 Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 817967    

Description Jeff Darcy 2012-01-20 17:46:32 UTC 
Description of problem:

Apparently we use GF_IF_INTERNAL_XATTR_GOTO in various strategic places to check for user attempts to *modify* internal xattrs.  For example, afr_setxattr checks for trusted.afr.*, dht_setxattr checks for trusted.glusterfs.dht, and so on.  However, these checks seem to be absent from entry points to *remove* xattrs - e.g. afr_removexattr, dht_removexattr.  There's a patch in progress to add handling for fremovexattr, so that case can be handled as part of the patch, but we also need something for removexattr.

Steps to Reproduce: setfattr -x trusted.glusterfs.dht ...
  
Actual results: internal xattrs are removed.

Expected results: request should be rejected.
Comment 1 Amar Tumballi 2012-02-22 06:16:20 UTC 
Rajesh, this is already done right? Can you paste the url of patch (from review.gluster.com) and mark it as ON_QA?
Comment 2 Rajesh 2012-02-22 06:57:10 UTC 
modifying of internal xattrs has been prevented with that patch.
we are not currently handling removing of the internal xattrs. to be done..
IMO, we should prevent users from removing, modifying and reading the internal xattrs as applicable.
Comment 3 Amar Tumballi 2012-02-23 07:43:36 UTC 
ok... so we still need a patch for removexattr() to handle all these. Ok. keep it open then.
Comment 4 Anand Avati 2012-03-05 17:17:53 UTC 
CHANGE: http://review.gluster.com/2836 (fops/removexattr: prevent users from removing glusterfs xattrs) merged in master by Vijay Bellur (vijay)
Comment 5 Raghavendra Bhat 2012-05-24 10:39:24 UTC 
Now removing internal xattrs of glusterfs is not allowed via mount point. 

 setfattr -x trusted.glusterfs.dht glusterfs-3.0.0pre2/
setfattr: glusterfs-3.0.0pre2/: Operation not permitted