Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'userns-for-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull user namespace update from Eric Biederman:
"There are several pieces of active development, but only a single
change made it through the gauntlet to be ready for v5.12. That change
is tightening up the semantics of the v3 capabilities xattr. It is
just short of being a bug-fix/security issue as no user space is known
to even generate the problem case"

* 'userns-for-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
capabilities: Don't allow writing ambiguous v3 file capabilities

+11 -1
security/commoncap.c
··· 500 500 __u32 magic, nsmagic; 501 501 struct inode *inode = d_backing_inode(dentry); 502 502 struct user_namespace *task_ns = current_user_ns(), 503 - *fs_ns = inode->i_sb->s_user_ns; 503 + *fs_ns = inode->i_sb->s_user_ns, 504 + *ancestor; 504 505 kuid_t rootid; 505 506 size_t newsize; 506 507 ··· 523 522 nsrootid = from_kuid(fs_ns, rootid); 524 523 if (nsrootid == -1) 525 524 return -EINVAL; 525 + 526 + /* 527 + * Do not allow allow adding a v3 filesystem capability xattr 528 + * if the rootid field is ambiguous. 529 + */ 530 + for (ancestor = task_ns->parent; ancestor; ancestor = ancestor->parent) { 531 + if (from_kuid(ancestor, rootid) == 0) 532 + return -EINVAL; 533 + } 526 534 527 535 newsize = sizeof(struct vfs_ns_cap_data); 528 536 nscap = kmalloc(newsize, GFP_ATOMIC);
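Review bot: the new block comment in the second hunk of security/commoncap.c has a doubled word ("Do not allow allow adding a v3 filesystem capability xattr") and should read "Do not allow adding"; while touching it, the comment calls the rootid "ambiguous" without stating the condition the loop below actually enforces, so spell it out: the xattr is rejected when any ancestor of task_ns (the walk starts at task_ns->parent, deliberately skipping task_ns itself) maps rootid to uid 0, i.e. when `from_kuid(ancestor, rootid) == 0`. A reader of the -EINVAL path will otherwise have to reconstruct that from the loop. The check itself is placed correctly, after the existing `nsrootid == -1` rejection and before the allocation of `nscap`, so no cleanup is needed on the new early return.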