author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-23 04:13:33 +0300 |
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-23 04:13:33 +0300 |
commit | 7b0b78df9cca7344960decf3a16805e8378a43b7 (patch) | |
tree | 6c2e740cb6cecf4ba05301cc548fc3a173969f65 | |
parent | ac9e806c9c018a6cc6e82d50275a4ac185343b4f (diff) | |
parent | 95ebabde382c371572297915b104e55403674e73 (diff) | |
download | linux-7b0b78df9cca7344960decf3a16805e8378a43b7.tar.xz |
Merge branch 'userns-for-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull user namespace update from Eric Biederman:
"There are several pieces of active development, but only a single
change made it through the gauntlet to be ready for v5.12. That change
is tightening up the semantics of the v3 capabilities xattr. It is
just short of being a bug-fix/security issue as no user space is known
to even generate the problem case"
* 'userns-for-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
capabilities: Don't allow writing ambiguous v3 file capabilities
-rw-r--r-- | security/commoncap.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 26c1cb725dcb..78598be45f10 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -500,7 +500,8 @@ int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size)
 __u32 magic, nsmagic;
 struct inode *inode = d_backing_inode(dentry);
 struct user_namespace *task_ns = current_user_ns(),
- *fs_ns = inode->i_sb->s_user_ns;
+ *fs_ns = inode->i_sb->s_user_ns,
+ *ancestor;
 kuid_t rootid;
 size_t newsize;
@@ -523,6 +524,15 @@ int cap_convert_nscap(struct dentry *dentry, const void **ivalue, size_t size)
 if (nsrootid == -1)
 return -EINVAL;
+ /*
+ * Do not allow allow adding a v3 filesystem capability xattr
+ * if the rootid field is ambiguous.
+ */
+ for (ancestor = task_ns->parent; ancestor; ancestor = ancestor->parent) {
+ if (from_kuid(ancestor, rootid) == 0)
+ return -EINVAL;
+ }
+
 newsize = sizeof(struct vfs_ns_cap_data);
 nscap = kmalloc(newsize, GFP_ATOMIC);
 if (!nscap) |
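Review bot: The comment above the new ancestor loop in the second hunk has a doubled word ("Do not allow allow") and does not say what "ambiguous" means, so the reason for returning -EINVAL is only recoverable from the commit title. The loop itself is clear enough: it walks from task_ns->parent to the root namespace and rejects the write if rootid is uid 0 in any of them; presumably the concern is that a v3 xattr whose rootid is root in an ancestor would be indistinguishable from one written by that ancestor, but the read-side rule that makes this matter is not visible in this hunk and the comment should state it. I would replace the two comment lines with `* Refuse a v3 xattr whose rootid is also uid 0 in an ancestor of the` / `* writer's namespace: it would be indistinguishable from one written there.` so the next reader does not have to dig up the commit. Note that cap_convert_nscap begins before the first hunk and ends after the second, so the surrounding checks on rootid and nsrootid are outside this view.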