| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Jul 2010 23:18:45 -0700 From: Kees Cook <kees.cook@...onical.com> To: linux-security-module@...r.kernel.org Cc: linux-kernel@...r.kernel.org Subject: [PATCH v2] Yama: verify inode is symlink to avoid bind mounts The inode_follow_link LSM hook is called in bind mount situations as well as for symlink situations, so we must explicitly check for the inode being a symlink to not reject bind mounts in 1777 directories, which seems to be a common NFSv4 configuration. Signed-off-by: Kees Cook <kees.cook@...onical.com> --- v2: - actually set inode in time to use it. *face palm* --- security/yama/yama_lsm.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 3b76386..51c6a3a 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -116,9 +116,13 @@ static int yama_inode_follow_link(struct dentry *dentry, if (!protected_sticky_symlinks) return 0; + /* if inode isn't a symlink, don't try to evaluate blocking it */ + inode = dentry->d_inode; + if (!S_ISLNK(inode->i_mode)) + return 0; + /* owner and follower match? */ cred = current_cred(); - inode = dentry->d_inode; if (cred->fsuid == inode->i_uid) return 0; -- 1.7.1 -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists