| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1461339521-123191-16-git-send-email-seth.forshee@canonical.com> Date: Fri, 22 Apr 2016 10:38:32 -0500 From: Seth Forshee <seth.forshee@...onical.com> To: "Eric W. Biederman" <ebiederm@...ssion.com>, Alexander Viro <viro@...iv.linux.org.uk> Cc: Serge Hallyn <serge.hallyn@...onical.com>, Richard Weinberger <richard.weinberger@...il.com>, Austin S Hemmelgarn <ahferroin7@...il.com>, Miklos Szeredi <mszeredi@...hat.com>, Pavel Tikhomirov <ptikhomirov@...tuozzo.com>, linux-kernel@...r.kernel.org, linux-bcache@...r.kernel.org, dm-devel@...hat.com, linux-raid@...r.kernel.org, linux-mtd@...ts.infradead.org, linux-fsdevel@...r.kernel.org, fuse-devel@...ts.sourceforge.net, linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov, cgroups@...r.kernel.org, Seth Forshee <seth.forshee@...onical.com> Subject: [PATCH v3 15/21] fs: Don't remove suid for CAP_FSETID in s_user_ns Expand the check in should_remove_suid() to keep privileges for CAP_FSETID in s_user_ns rather than init_user_ns. Signed-off-by: Seth Forshee <seth.forshee@...onical.com> Acked-by: Serge Hallyn <serge.hallyn@...onical.com> --- fs/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/inode.c b/fs/inode.c index 69b8b526c194..cd52170f9117 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -1690,7 +1690,8 @@ int should_remove_suid(struct dentry *dentry) if (unlikely((mode & S_ISGID) && (mode & S_IXGRP))) kill |= ATTR_KILL_SGID; - if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode))) + if (unlikely(kill && !ns_capable(dentry->d_sb->s_user_ns, CAP_FSETID) && + S_ISREG(mode))) return kill; return 0; -- 1.9.1
Powered by blists - more mailing lists