Missing check for CAP_SYS_ADMIN in do_reconfigure_mnt()

Hi, the function do_remount() in fs/namespace.c checks CAP_SYS_ADMIN
before it calls set_mount_attributes().

--------------------
// fs/namespace.c
static int do_remount(struct path *path, int ms_flags, int sb_flags,
              int mnt_flags, void *data)
{
        ....
        if (ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) {
            err = reconfigure_super(fc);
            if (!err) {
                lock_mount_hash();
                set_mount_attributes(mnt, mnt_flags);       // <=== protected function
                unlock_mount_hash();
            }
        ...
}
--------------------

However, in another caller of set_mount_attributes(),
do_reconfigure_mnt(), I have not found any check for CAP_SYS_ADMIN.
So, is there a missing-check bug inside do_reconfigure_mnt() (which
makes it possible for a normal user to reach set_mount_attributes())?

Thanks!

Best regards,
Tianyu
