lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190617213211.GV17978@ZenIV.linux.org.uk>
Date:   Mon, 17 Jun 2019 22:32:11 +0100
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Christian Brauner <christian@...uner.io>
Cc:     torvalds@...ux-foundation.org, ebiederm@...ssion.com,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH v1] fs/namespace: fix unprivileged mount propagation

On Mon, Jun 17, 2019 at 11:22:14PM +0200, Christian Brauner wrote:
> When propagating mounts across mount namespaces owned by different user
> namespaces it is not possible anymore to move or umount the mount in the
> less privileged mount namespace.
> 
> Here is a reproducer:
> 
>   sudo mount -t tmpfs tmpfs /mnt
>   sudo --make-rshared /mnt
> 
>   # create unprivileged user + mount namespace and preserve propagation
>   unshare -U -m --map-root --propagation=unchanged
> 
>   # now change back to the original mount namespace in another terminal:
>   sudo mkdir /mnt/aaa
>   sudo mount -t tmpfs tmpfs /mnt/aaa
> 
>   # now in the unprivileged user + mount namespace
>   mount --move /mnt/aaa /opt
> 
> Unfortunately, this is a pretty big deal for userspace since this is
> e.g. used to inject mounts into running unprivileged containers.
> So this regression really needs to go away rather quickly.
> 
> The problem is that a recent change falsely locked the root of the newly
> added mounts by setting MNT_LOCKED. Fix this by only locking the mounts
> on copy_mnt_ns() and not when adding a new mount.

Applied.  Linus, if you want to apply it directly, feel free to add my
Acked-by.  Alternatively, wait until tonight and I'll send a pull request
with that (as well as missing mntget() in fsmount(2) fix, at least).

Al, down to ~3Kmail in the pile...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ