| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <167839721674.824023.1725509969728722779.b4-ty@kernel.org>
Date: Thu, 9 Mar 2023 22:40:33 +0100
From: Christian Brauner <brauner@...nel.org>
To: Jeff Layton <jlayton@...nel.org>,
Chuck Lever <chuck.lever@...cle.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
"Seth Forshee (DigitalOcean)" <sforshee@...nel.org>
Cc: Christian Brauner <brauner@...nel.org>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] filelocks: use mount idmapping for setlease permission check
From: Christian Brauner (Microsoft) <brauner@...nel.org>
On Thu, 09 Mar 2023 14:39:09 -0600, Seth Forshee (DigitalOcean) wrote:
> A user should be allowed to take out a lease via an idmapped mount if
> the fsuid matches the mapped uid of the inode. generic_setlease() is
> checking the unmapped inode uid, causing these operations to be denied.
>
> Fix this by comparing against the mapped inode uid instead of the
> unmapped uid.
>
> [...]
I've added a Cc: stable@...r.kernel.org so it's clear we should backport this.
But just to note this here right away, this will likely apply cleanly on 5.15
and 6.2 but fail to compile because our internal apis changed. So I'll have to
do a custom backport for 5.15 and 6.2 once we'll get the failure report thingy
from the stable folks. But applied now,
[1/1] filelocks: use mount idmapping for setlease permission check
commit: 42d0c4bdf753063b6eec55415003184d3ca24f6e
Powered by blists - more mailing lists