| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20151204190017.GB3624@mail.hallyn.com>
Date: Fri, 4 Dec 2015 13:00:17 -0600
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Seth Forshee <seth.forshee@...onical.com>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
Serge Hallyn <serge.hallyn@...onical.com>,
Richard Weinberger <richard.weinberger@...il.com>,
Austin S Hemmelgarn <ahferroin7@...il.com>,
Miklos Szeredi <miklos@...redi.hu>,
linux-bcache@...r.kernel.org, dm-devel@...hat.com,
linux-raid@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-mtd@...ts.infradead.org, linux-fsdevel@...r.kernel.org,
fuse-devel@...ts.sourceforge.net,
linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov
Subject: Re: [PATCH 11/19] fs: Ensure the mounter of a filesystem is
privileged towards its inodes
Quoting Seth Forshee (seth.forshee@...onical.com):
> The mounter of a filesystem should be privileged towards the
> inodes of that filesystem. Extend the checks in
> inode_owner_or_capable() and capable_wrt_inode_uidgid() to
> permit access by users priviliged in the user namespace of the
> inode's superblock.
>
> Signed-off-by: Seth Forshee <seth.forshee@...onical.com>
Acked-by: Serge Hallyn <serge.hallyn@...onical.com>
> ---
> fs/inode.c | 3 +++
> kernel/capability.c | 13 +++++++++----
> 2 files changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/fs/inode.c b/fs/inode.c
> index 1be5f9003eb3..01c036fe1950 100644
> --- a/fs/inode.c
> +++ b/fs/inode.c
> @@ -1962,6 +1962,9 @@ bool inode_owner_or_capable(const struct inode *inode)
> ns = current_user_ns();
> if (ns_capable(ns, CAP_FOWNER) && kuid_has_mapping(ns, inode->i_uid))
> return true;
> +
> + if (ns_capable(inode->i_sb->s_user_ns, CAP_FOWNER))
> + return true;
> return false;
> }
> EXPORT_SYMBOL(inode_owner_or_capable);
> diff --git a/kernel/capability.c b/kernel/capability.c
> index 45432b54d5c6..5137a38a5670 100644
> --- a/kernel/capability.c
> +++ b/kernel/capability.c
> @@ -437,13 +437,18 @@ EXPORT_SYMBOL(file_ns_capable);
> *
> * Return true if the current task has the given capability targeted at
> * its own user namespace and that the given inode's uid and gid are
> - * mapped into the current user namespace.
> + * mapped into the current user namespace, or if the current task has
> + * the capability towards the user namespace of the inode's superblock.
> */
> bool capable_wrt_inode_uidgid(const struct inode *inode, int cap)
> {
> - struct user_namespace *ns = current_user_ns();
> + struct user_namespace *ns;
>
> - return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
> - kgid_has_mapping(ns, inode->i_gid);
> + ns = current_user_ns();
> + if (ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
> + kgid_has_mapping(ns, inode->i_gid))
> + return true;
> +
> + return ns_capable(inode->i_sb->s_user_ns, cap);
> }
> EXPORT_SYMBOL(capable_wrt_inode_uidgid);
> --
> 1.9.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists