Dongsu Park <dongsu@xxxxxxxxxx> writes: > From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx> > > Unprivileged users are normally restricted from mounting with the > allow_other option by system policy, but this could be bypassed > for a mount done with user namespace root permissions. In such > cases allow_other should not allow users outside the userns > to access the mount as doing so would give the unprivileged user > the ability to manipulate processes it would otherwise be unable > to manipulate. Restrict allow_other to apply to users in the same > userns used at mount or a descendant of that namespace. Also > export current_in_userns() for use by fuse when built as a > module. > > Patch v4 is available: https://patchwork.kernel.org/patch/8944671/ > > Cc: linux-fsdevel@xxxxxxxxxxxxxxx > Cc: linux-kernel@xxxxxxxxxxxxxxx > Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > Cc: Serge Hallyn <serge@xxxxxxxxxx> > Cc: Miklos Szeredi <mszeredi@xxxxxxxxxx> > Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx> > Signed-off-by: Dongsu Park <dongsu@xxxxxxxxxx> Reviewed-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > --- > fs/fuse/dir.c | 2 +- > kernel/user_namespace.c | 1 + > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c > index ad1cfac1..d41559a0 100644 > --- a/fs/fuse/dir.c > +++ b/fs/fuse/dir.c > @@ -1030,7 +1030,7 @@ int fuse_allow_current_process(struct fuse_conn *fc) > const struct cred *cred; > > if (fc->allow_other) > - return 1; > + return current_in_userns(fc->user_ns); > > cred = current_cred(); > if (uid_eq(cred->euid, fc->user_id) && > diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c > index 246d4d4c..492c255e 100644 > --- a/kernel/user_namespace.c > +++ b/kernel/user_namespace.c > @@ -1235,6 +1235,7 @@ bool current_in_userns(const struct user_namespace *target_ns) > { > return in_userns(target_ns, current_user_ns()); > } > +EXPORT_SYMBOL(current_in_userns); > > static inline struct user_namespace *to_user_ns(struct ns_common *ns) > {
