| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1461339521-123191-21-git-send-email-seth.forshee@canonical.com> Date: Fri, 22 Apr 2016 10:38:37 -0500 From: Seth Forshee <seth.forshee@...onical.com> To: "Eric W. Biederman" <ebiederm@...ssion.com>, Miklos Szeredi <miklos@...redi.hu> Cc: Alexander Viro <viro@...iv.linux.org.uk>, Serge Hallyn <serge.hallyn@...onical.com>, Richard Weinberger <richard.weinberger@...il.com>, Austin S Hemmelgarn <ahferroin7@...il.com>, Miklos Szeredi <mszeredi@...hat.com>, Pavel Tikhomirov <ptikhomirov@...tuozzo.com>, linux-kernel@...r.kernel.org, linux-bcache@...r.kernel.org, dm-devel@...hat.com, linux-raid@...r.kernel.org, linux-mtd@...ts.infradead.org, linux-fsdevel@...r.kernel.org, fuse-devel@...ts.sourceforge.net, linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov, cgroups@...r.kernel.org, Seth Forshee <seth.forshee@...onical.com> Subject: [PATCH v3 20/21] fuse: Restrict allow_other to the superblock's namespace or a descendant Unprivileged users are normally restricted from mounting with the allow_other option by system policy, but this could be bypassed for a mount done with user namespace root permissions. In such cases allow_other should not allow users outside the userns to access the mount as doing so would give the unprivileged user the ability to manipulate processes it would otherwise be unable to manipulate. Restrict allow_other to apply to users in the same userns used at mount or a descendant of that namespace. Signed-off-by: Seth Forshee <seth.forshee@...onical.com> Acked-by: Serge Hallyn <serge.hallyn@...onical.com> Acked-by: Miklos Szeredi <mszeredi@...hat.com> --- fs/fuse/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index ecba75bf6640..1a6c5af49608 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1015,7 +1015,7 @@ int fuse_allow_current_process(struct fuse_conn *fc) const struct cred *cred; if (fc->flags & FUSE_ALLOW_OTHER) - return 1; + return current_in_userns(fc->user_ns); cred = current_cred(); if (uid_eq(cred->euid, fc->user_id) && -- 1.9.1
Powered by blists - more mailing lists