| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 29 Apr 2018 11:59:58 +0200
From: Christian Brauner <christian.brauner@...onical.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: davem@...emloft.net, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, avagin@...tuozzo.com,
ktkhai@...tuozzo.com, serge@...lyn.com, gregkh@...uxfoundation.org
Subject: Re: [PATCH net-next 2/2 v4] netns: restrict uevents
On Sat, Apr 28, 2018 at 11:23:58PM -0500, Eric W. Biederman wrote:
>
> > + /* fix credentials */
> > + if (owning_user_ns != &init_user_ns) {
> > + struct netlink_skb_parms *parms = &NETLINK_CB(skb);
> > + kuid_t root_uid;
> > + kgid_t root_gid;
> > +
> > + /* fix uid */
> > + root_uid = make_kuid(owning_user_ns, 0);
> > + if (!uid_valid(root_uid))
> > + root_uid = GLOBAL_ROOT_UID;
> > + parms->creds.uid = root_uid;
> > +
> > + /* fix gid */
> > + root_gid = make_kgid(owning_user_ns, 0);
> > + if (!gid_valid(root_gid))
> > + root_gid = GLOBAL_ROOT_GID;
> > + parms->creds.gid = root_gid;
>
> One last nit:
Will add non-functional change and make it a v5 in a few.
Thanks!
Christian
>
> You can only make the assignment if the uid is valid.
> Leaving it GLBOAL_ROOT_UID if the composed uid is invalid.
> AKA
>
> /* fix uid */
> root_uid = make_kuid(owning_user_ns, 0);
> if (uid_valid(root_uid))
> parms->creds.uid = root_uid;
>
> /* fix gid */
> root_gid = make_kgid(owning_user_ns, 0);
> if (gid_valid(root_gid))
> params->creds.gid = root_gid;
>
>
> One line shorter and I think a little clearer. I suspect
> it even results in better code.
>
> Eric
Powered by blists - more mailing lists