On 2014/10/14 12:30, Eric W. Biederman wrote: > Zefan Li <lizefan@xxxxxxxxxx> writes: > >> On 2014/9/30 15:53, Francis Moreau wrote: >>> Hello Zefan Li, >>> >>> I'm really not sure but this patch might be needed for 3.4 too. >>> >> >> It looks to me this bug fix is for user namespace only and IIRC userns was >> introduced in 3.8, so I'm not going to apply it to 3.4. >> >> Same for the other patch. > > I don't know about the other patch, and the security issue is with > respect to user namespaces and unprivileged mounts. The bug where > remount can clear internal mount flags is present in 3.4. remount has > been broken in this way for a long time. > > I don't recall which mount flags you the incomplete MNT_PROPOGATION_MASK > but I seem to remember that if you were clever and stood on your head > and squinted you there was at least one flag that could be cleared by > root by accident. > Thanks for the information. I'll queue it for 3.4. The other patch is "mnt: Correct permission checks in do_remount". http://patchwork.ozlabs.org/patch/382813/ I think that's really for 3.8+. -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html