| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Nov 2023 12:06:14 -0500
From: Charles Mirabile <cmirabil@...hat.com>
To: linux-kernel@...r.kernel.org
Cc: linux-fsdevel@...r.kernel.org, brauner@...nel.org,
viro@...iv.linux.org.uk, Charles Mirabile <cmirabil@...hat.com>
Subject: [PATCH v1 0/1] fs: Consider capabilities relative to namespace for linkat permission check
This is a one line change that makes `linkat` aware of namespaces when
checking for capabilities.
As far as I can tell, the call to `capable` in this code dates back to
before the `ns_capable` function existed, so I don't think the author
specifically intended to prefer regular `capable` over `ns_capable`,
and no one has noticed or cared to change it yet... until now!
It is already hard enough to use `linkat` to link temporarily files
into the filesystem without the `/proc` workaround, and when moving
a program that was working fine on bare metal into a container,
I got hung up on this additional snag due to the lack of namespace
awareness in `linkat`.
Charles Mirabile (1):
fs: Consider capabilities relative to namespace for linkat permission
check
fs/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
base-commit: 89cdf9d556016a54ff6ddd62324aa5ec790c05cc
--
2.38.1
Powered by blists - more mailing lists