diff options
| author | dheerajpdsk <p.dheeraj.srujan.kumar@intel.com> | 2024-08-13 18:57:11 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-13 18:57:11 +0300 |
| commit | 2bd6e77fe603cc9ddd4b1ef5421282487bb7a7d3 (patch) | |
| tree | 0b18a326840e661d88333ec9aee349709f3596c1 /meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-0386.patch | |
| parent | ac27a5095790a2d49a44d7c46440e375a8f84812 (diff) | |
| parent | 848b831c34ae28e7b8132834656ad59dc6b51a87 (diff) | |
| download | openbmc-1-release.tar.xz | |
Update to internal 1-1.20
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-0386.patch')
| -rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-0386.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-0386.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-0386.patch new file mode 100644 index 000000000..0c457f4a2 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-0386.patch @@ -0,0 +1,48 @@ +From 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi <mszeredi@redhat.com> +Date: Tue, 24 Jan 2023 16:41:18 +0100 +Subject: ovl: fail on invalid uid/gid mapping at copy up + +If st_uid/st_gid doesn't have a mapping in the mounter's user_ns, then +copy-up should fail, just like it would fail if the mounter task was doing +the copy using "cp -a". + +There's a corner case where the "cp -a" would succeed but copy up fail: if +there's a mapping of the invalid uid/gid (65534 by default) in the user +namespace. This is because stat(2) will return this value if the mapping +doesn't exist in the current user_ns and "cp -a" will in turn be able to +create a file with this uid/gid. + +This behavior would be inconsistent with POSIX ACL's, which return -1 for +invalid uid/gid which result in a failed copy. + +For consistency and simplicity fail the copy of the st_uid/st_gid are +invalid. + +Fixes: 459c7c565ac3 ("ovl: unprivieged mounts") +Cc: <stable@vger.kernel.org> # v5.11 +Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> +Reviewed-by: Christian Brauner <brauner@kernel.org> +Reviewed-by: Seth Forshee <sforshee@kernel.org> +--- + fs/overlayfs/copy_up.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c +index 140f2742074d4..c14e90764e356 100644 +--- a/fs/overlayfs/copy_up.c ++++ b/fs/overlayfs/copy_up.c +@@ -1011,6 +1011,10 @@ static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, + if (err) + return err; + ++ if (!kuid_has_mapping(current_user_ns(), ctx.stat.uid) || ++ !kgid_has_mapping(current_user_ns(), ctx.stat.gid)) ++ return -EOVERFLOW; ++ + ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags); + + if (parent) { +-- +cgit 1.2.3-korg + |