[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190730155227.41468-2-salyzyn@android.com>
Date: Tue, 30 Jul 2019 08:52:22 -0700
From: Mark Salyzyn <salyzyn@...roid.com>
To: linux-kernel@...r.kernel.org
Cc: kernel-team@...roid.com, Mark Salyzyn <salyzyn@...roid.com>,
Miklos Szeredi <miklos@...redi.hu>,
Jonathan Corbet <corbet@....net>,
Vivek Goyal <vgoyal@...hat.com>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
Amir Goldstein <amir73il@...il.com>,
Randy Dunlap <rdunlap@...radead.org>,
Stephen Smalley <sds@...ho.nsa.gov>,
linux-unionfs@...r.kernel.org, linux-doc@...r.kernel.org
Subject: [PATCH v11 1/4] overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh
Assumption never checked, should fail if the mounter creds are not
sufficient.
Signed-off-by: Mark Salyzyn <salyzyn@...roid.com>
Cc: Miklos Szeredi <miklos@...redi.hu>
Cc: Jonathan Corbet <corbet@....net>
Cc: Vivek Goyal <vgoyal@...hat.com>
Cc: Eric W. Biederman <ebiederm@...ssion.com>
Cc: Amir Goldstein <amir73il@...il.com>
Cc: Randy Dunlap <rdunlap@...radead.org>
Cc: Stephen Smalley <sds@...ho.nsa.gov>
Cc: linux-unionfs@...r.kernel.org
Cc: linux-doc@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Cc: kernel-team@...roid.com
---
v11 - Rebase
v10:
- return NULL rather than ERR_PTR(-EPERM)
- did _not_ add it ovl_can_decode_fh() because of changes since last
review, suspect needs to be added to ovl_lower_uuid_ok()?
v8 + v9:
- rebase
v7:
- This time for realz
v6:
- rebase
v5:
- dependency of "overlayfs: override_creds=off option bypass creator_cred"
---
fs/overlayfs/namei.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index e9717c2f7d45..9702f0d5309d 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -161,6 +161,9 @@ struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt,
if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
return NULL;
+ if (!capable(CAP_DAC_READ_SEARCH))
+ return NULL;
+
bytes = (fh->len - offsetof(struct ovl_fh, fid));
real = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
bytes >> 2, (int)fh->type,
--
2.22.0.770.g0f2c4a37fd-goog
Powered by blists - more mailing lists