On Thu, 2016-12-15 at 11:13 -0600, Seth Forshee wrote:
> Since 4.8 follow_automount() overrides the credentials with
> &init_cred before calling d_automount(). When
> rpcauth_lookupcred() is called in this context it is now using
> fs[ug]id from the override creds instead of from the user's
> creds, which can cause authentication to fail. To fix this, take
> the ids from current_real_cred() instead.
>
> Cc: stable@xxxxxxxxxxxxxxx # v4.8+
> CC: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
> Fixes: aeaa4a79ff6a ("fs: Call d_automount with the filesystems
> creds")
> Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
> ---
> net/sunrpc/auth.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
> index 2bff63a73cf8..e6197b2bda86 100644
> --- a/net/sunrpc/auth.c
> +++ b/net/sunrpc/auth.c
> @@ -622,7 +622,7 @@ rpcauth_lookupcred(struct rpc_auth *auth, int
> flags)
> {
> struct auth_cred acred;
> struct rpc_cred *ret;
> - const struct cred *cred = current_cred();
> + const struct cred *cred = current_real_cred();
>
> dprintk("RPC: looking up %s cred\n",
> auth->au_ops->au_name);
Among other things, this will break the access() syscall. It's
completely the wrong level in which to override credentials.
--
Trond Myklebust
Linux NFS client maintainer, PrimaryData
trond.myklebust@xxxxxxxxxxxxxxx
��.n��������+%�������w��{.n�����{��w����jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
