On Mon, Dec 8, 2014 at 2:08 PM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote: > > setresuid allows the euid to be set to any of uid, euid, suid, and > fsuid. Therefor it is safe to allow an unprivileged user to map their > euid and use CAP_SETUID privileged with exactly that uid, as no new > credentials can be obtained. > > I can not find a combination of existing system calls that allows > setting uid, euid, suid, and fsuid from the fsuid making the previous > use of fsuid for allowing unprivileged mappings a bug. Right. > > This is part of a fix for CVE-2014-8989. Reviewed-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx> > > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > --- > kernel/user_namespace.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c > index 8e7c87162171..da1eeb927b21 100644 > --- a/kernel/user_namespace.c > +++ b/kernel/user_namespace.c > @@ -819,7 +819,7 @@ static bool new_idmap_permitted(const struct file *file, > u32 id = new_map->extent[0].lower_first; > if (cap_setid == CAP_SETUID) { > kuid_t uid = make_kuid(ns->parent, id); > - if (uid_eq(uid, file->f_cred->fsuid)) > + if (uid_eq(uid, file->f_cred->euid)) > return true; > } > } > -- > 1.9.1 > -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html