[PATCH v13 1/5] overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh

Assumption never checked, should fail if the mounter creds are not
sufficient.

Signed-off-by: Mark Salyzyn <salyzyn@xxxxxxxxxxx>
Cc: Miklos Szeredi <miklos@xxxxxxxxxx>
Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: Vivek Goyal <vgoyal@xxxxxxxxxx>
Cc: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
Cc: Amir Goldstein <amir73il@xxxxxxxxx>
Cc: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
Cc: Stephen Smalley <sds@xxxxxxxxxxxxx>
Cc: linux-unionfs@xxxxxxxxxxxxxxx
Cc: linux-doc@xxxxxxxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx
Cc: kernel-team@xxxxxxxxxxx
Cc: Eric Van Hensbergen <ericvh@xxxxxxxxx>
Cc: Latchesar Ionkov <lucho@xxxxxxxxxx>
Cc: Dominique Martinet <asmadeus@xxxxxxxxxxxxx>
Cc: David Howells <dhowells@xxxxxxxxxx>
Cc: Chris Mason <clm@xxxxxx>
Cc: Josef Bacik <josef@xxxxxxxxxxxxxx>
Cc: David Sterba <dsterba@xxxxxxxx>
Cc: Jeff Layton <jlayton@xxxxxxxxxx>
Cc: Sage Weil <sage@xxxxxxxxxx>
Cc: Ilya Dryomov <idryomov@xxxxxxxxx>
Cc: Steve French <sfrench@xxxxxxxxx>
Cc: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Cc: Jan Kara <jack@xxxxxxxx>
Cc: Theodore Ts'o <tytso@xxxxxxx>
Cc: Andreas Dilger <adilger.kernel@xxxxxxxxx>
Cc: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
Cc: Chao Yu <yuchao0@xxxxxxxxxx>
Cc: Bob Peterson <rpeterso@xxxxxxxxxx>
Cc: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Cc: David Woodhouse <dwmw2@xxxxxxxxxxxxx>
Cc: Richard Weinberger <richard@xxxxxx>
Cc: Dave Kleikamp <shaggy@xxxxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Tejun Heo <tj@xxxxxxxxxx>
Cc: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>
Cc: Anna Schumaker <anna.schumaker@xxxxxxxxxx>
Cc: Mark Fasheh <mark@xxxxxxxxxx>
Cc: Joel Becker <jlbec@xxxxxxxxxxxx>
Cc: Joseph Qi <joseph.qi@xxxxxxxxxxxxxxxxx>
Cc: Mike Marshall <hubcap@xxxxxxxxxxxx>
Cc: Martin Brandenburg <martin@xxxxxxxxxxxx>
Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Phillip Lougher <phillip@xxxxxxxxxxxxxxx>
Cc: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
Cc: linux-xfs@xxxxxxxxxxxxxxx
Cc: Hugh Dickins <hughd@xxxxxxxxxx>
Cc: David S. Miller <davem@xxxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Mathieu Malaterre <malat@xxxxxxxxxx>
Cc: Ernesto A. Fernández <ernesto.mnd.fernandez@xxxxxxxxx>
Cc: Vyacheslav Dubeyko <slava@xxxxxxxxxxx>
Cc: v9fs-developer@xxxxxxxxxxxxxxxxxxxxx
Cc: linux-afs@xxxxxxxxxxxxxxxxxxx
Cc: linux-btrfs@xxxxxxxxxxxxxxx
Cc: ceph-devel@xxxxxxxxxxxxxxx
Cc: linux-cifs@xxxxxxxxxxxxxxx
Cc: samba-technical@xxxxxxxxxxxxxxx
Cc: ecryptfs@xxxxxxxxxxxxxxx
Cc: linux-ext4@xxxxxxxxxxxxxxx
Cc: linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx
Cc: linux-fsdevel@xxxxxxxxxxxxxxx
Cc: cluster-devel@xxxxxxxxxx
Cc: linux-mtd@xxxxxxxxxxxxxxxxxxx
Cc: jfs-discussion@xxxxxxxxxxxxxxxxxxxxx
Cc: linux-nfs@xxxxxxxxxxxxxxx
Cc: ocfs2-devel@xxxxxxxxxxxxxx
Cc: devel@xxxxxxxxxxxxxxxxxx
Cc: reiserfs-devel@xxxxxxxxxxxxxxx
Cc: linux-mm@xxxxxxxxx
Cc: netdev@xxxxxxxxxxxxxxx
Cc: linux-security-module@xxxxxxxxxxxxxxx
Cc: stable@xxxxxxxxxxxxxxx # 4.4, 4.9, 4.14 & 4.19
---
v11 + v12 + v13 - rebase

v10:
- return NULL rather than ERR_PTR(-EPERM)
- did _not_ add it ovl_can_decode_fh() because of changes since last
  review, suspect needs to be added to ovl_lower_uuid_ok()?

v8 + v9:
- rebase

v7:
- This time for realz

v6:
- rebase

v5:
- dependency of "overlayfs: override_creds=off option bypass creator_cred"
---
 fs/overlayfs/namei.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index e9717c2f7d45..9702f0d5309d 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -161,6 +161,9 @@ struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt,
 	if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
 		return NULL;
 
+	if (!capable(CAP_DAC_READ_SEARCH))
+		return NULL;
+
 	bytes = (fh->len - offsetof(struct ovl_fh, fid));
 	real = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
 				  bytes >> 2, (int)fh->type,
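Review bot: The new `if (!capable(CAP_DAC_READ_SEARCH)) return NULL;` in ovl_decode_real_fh() needs a comment, because as written a missing capability is indistinguishable from the `uuid_equal()` mismatch directly above it: both return NULL, so the caller sees "no matching handle" rather than a permission failure. The v10 changelog records that NULL was chosen over ERR_PTR(-EPERM) deliberately, but that reasoning does not survive into the code; a one-line comment above the check stating that the handle is intentionally treated as non-decodable when the capability is absent would do. It would also help to say whose credentials are being tested. capable() evaluates the current task's creds, while the commit message speaks of the mounter's creds, so the check only matches the description if this function is always reached with the mounter's creds in effect. Given the stated dependency on the override_creds=off patch, please spell out in the commit message which creds are expected here in each mode. Finally, the changelog's open question about ovl_can_decode_fh() / ovl_lower_uuid_ok() should be resolved before merging rather than left in the notes, since it determines whether the same check is needed at a second site.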
-- 
2.22.0.770.g0f2c4a37fd-goog


______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/



