On Fri, Dec 12, 2014 at 3:25 PM, Eric W. Biederman
<ebiederm@xxxxxxxxxxxx> wrote:
> Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes:
>
>> On Fri, Dec 12, 2014 at 2:48 PM, Eric W. Biederman
>> <ebiederm@xxxxxxxxxxxx> wrote:
>>> Forced unmount affects not just the mount namespace but the underlying
>>> superblock as well. Restrict forced unmount to the global root user
>>> for now. Otherwise it becomes possible a user in a less privileged
>>> mount namespace to force the shutdown of a superblock of a filesystem
>>> in a more privileged mount namespace, allowing a DOS attack on root.
>>>
>>
>> I thought I already fixed this. Did I miss part of it?
>
> My tree is based at 3.18-rc6 and as of there I don't see another
> fix.
>
> You fixed the remount_sb case in umount I don't think you fixed forced
> unmounts themselves.
>
> If you did fix this and can point me at it I will be happy to drop this
> patch.
Oh, right, I missed:
if (flags & MNT_FORCE && sb->s_op->umount_begin) {
sb->s_op->umount_begin(sb);
}
whoops.
--Andy
>
> Eric
>
>>> Cc: stable@xxxxxxxxxxxxxxx
>>> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
>>> ---
>>> fs/namespace.c | 3 +++
>>> 1 file changed, 3 insertions(+)
>>>
>>> diff --git a/fs/namespace.c b/fs/namespace.c
>>> index 3a1a87dc33df..43b16af8af30 100644
>>> --- a/fs/namespace.c
>>> +++ b/fs/namespace.c
>>> @@ -1544,6 +1544,9 @@ SYSCALL_DEFINE2(umount, char __user *, name, int, flags)
>>> goto dput_and_out;
>>> if (mnt->mnt.mnt_flags & MNT_LOCKED)
>>> goto dput_and_out;
>>> + retval = -EPERM;
>>> + if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
>>> + goto dput_and_out;
>>>
>>> retval = do_umount(mnt, flags);
>>> dput_and_out:
>>> --
>>> 1.9.1
>>>
--
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
