lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7826.1541011504@warthog.procyon.org.uk>
Date:   Wed, 31 Oct 2018 18:45:04 +0000
From:   David Howells <dhowells@...hat.com>
To:     ebiederm@...ssion.com (Eric W. Biederman)
Cc:     dhowells@...hat.com, Al Viro <viro@...IV.linux.org.uk>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        Alexey Dobriyan <adobriyan@...il.com>
Subject: [PATCH] vfs: Fix incorrect user_ns assignment in proc and mqueue

    
The user namespace set on a proc superblock should derive from the pid_ns
that the superblock is associated with and, similarly, an mqueue superblock
should derive from the ipc_ns that that is associated with.

Fix both of these to set the proposed user_ns appropriately in the
respective get_tree() functions.

Fixes: a593f22857a3 ("proc: Add fs_context support to procfs")
Fixes: ec772aa43dc7 ("ipc: Convert mqueue fs to fs_context")
Reported-by: Eric W. Biederman <ebiederm@...ssion.com>
Signed-off-by: David Howells <dhowells@...hat.com>
cc: Alexey Dobriyan <adobriyan@...il.com>
---
 fs/proc/root.c |    2 ++
 ipc/mqueue.c   |    2 ++
 2 files changed, 4 insertions(+)

diff --git a/fs/proc/root.c b/fs/proc/root.c
index b0627e622850..3033a900d421 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -162,6 +162,8 @@ static int proc_get_tree(struct fs_context *fc)
 {
 	struct proc_fs_context *ctx = fc->fs_private;
 
+	put_user_ns(fc->user_ns);
+	fc->user_ns = get_user_ns(ctx->pid_ns->user_ns);
 	fc->s_fs_info = ctx->pid_ns;
 	return vfs_get_super(fc, vfs_get_keyed_super, proc_fill_super);
 }
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 869687d586a2..9e793c02f350 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -354,6 +354,8 @@ static int mqueue_get_tree(struct fs_context *fc)
 {
 	struct mqueue_fs_context *ctx = fc->fs_private;
 
+	put_user_ns(fc->user_ns);
+	fc->user_ns = get_user_ns(ctx->ipc_ns->user_ns);
 	fc->s_fs_info = ctx->ipc_ns;
 	return vfs_get_super(fc, vfs_get_keyed_super, mqueue_fill_super);
 }

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ