summaryrefslogtreecommitdiffstats
path: root/fs/cachefiles/namei.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2014-10-14 08:35:01 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2014-10-14 08:35:01 +0200
commit0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5 (patch)
tree268d48a67ffeab5f11ceb604f6a7c5205f6a47e4 /fs/cachefiles/namei.c
parentdfe2c6dcc8ca2cdc662d7c0473e9811b72ef3370 (diff)
parenta1480dcc3c706e309a88884723446f2e84fedd5b (diff)
downloadlinux-0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5.tar.bz2
Merge branch 'CVE-2014-7975' of git://git.kernel.org/pub/scm/linux/kernel/git/luto/linux
Pull do_umount fix from Andy Lutomirski: "This fix really ought to be safe. Inside a mountns owned by a non-root user namespace, the namespace root almost always has MNT_LOCKED set (if it doesn't, then there's a bug, because rootfs could be exposed). In that case, calling umount on "/" will return -EINVAL with or without this patch. Outside a userns, this patch will have no effect. may_mount, required by umount, already checks ns_capable(current->nsproxy->mnt_ns->user_ns, CAP_SYS_ADMIN) so an additional capable(CAP_SYS_ADMIN) check will have no effect. That leaves anything that calls umount on "/" in a non-root userns while chrooted. This is the case that is currently broken (it remounts ro, which shouldn't be allowed) and that my patch changes to -EPERM. If anything relies on *that*, I'd be surprised" * 'CVE-2014-7975' of git://git.kernel.org/pub/scm/linux/kernel/git/luto/linux: fs: Add a missing permission check to do_umount
Diffstat (limited to 'fs/cachefiles/namei.c')
0 files changed, 0 insertions, 0 deletions