Ilya Matveychikov <matvejchikov@xxxxxxxxx> writes: > Just CC’ed to some of maintainers. > > $ perl scripts/get_maintainer.pl fs/0001-ksys_mount-check-for-permissions-before-resource-all.patch > Alexander Viro <viro@xxxxxxxxxxxxxxxxxx> (maintainer:FILESYSTEMS (VFS and infrastructure)) > linux-fsdevel@xxxxxxxxxxxxxxx (open list:FILESYSTEMS (VFS and infrastructure)) > linux-kernel@xxxxxxxxxxxxxxx (open list) > >> On Jun 5, 2018, at 6:00 AM, Ilya Matveychikov <matvejchikov@xxxxxxxxx> wrote: >> >> Early check for mount permissions prevents possible allocation of 3 >> pages from kmalloc() pool by unpriveledged user which can be used for >> spraying the kernel heap. *Snort* You clearly have not read may_mount. Your modified code still let's unprivileged users in. So even if all of Al's good objections were not applicable this change would still be buggy and wrong. Nacked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> >> Signed-off-by: Ilya V. Matveychikov <matvejchikov@xxxxxxxxx> >> --- >> fs/namespace.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/fs/namespace.c b/fs/namespace.c >> index 5f75969adff1..1ef8feb2de2a 100644 >> --- a/fs/namespace.c >> +++ b/fs/namespace.c >> @@ -3046,6 +3046,9 @@ int ksys_mount(char __user *dev_name, char __user *dir_name, char __user *type, >> char *kernel_dev; >> void *options; >> >> + if (!may_mount()) >> + return -EPERM; >> + >> kernel_type = copy_mount_string(type); >> ret = PTR_ERR(kernel_type); >> if (IS_ERR(kernel_type)) >> -- >> 2.17.0 >>
