On October 13, 2014 11:05:31 PM PDT, Zefan Li <lizefan@xxxxxxxxxx> wrote: >On 2014/10/14 12:30, Eric W. Biederman wrote: >> Zefan Li <lizefan@xxxxxxxxxx> writes: >> >>> On 2014/9/30 15:53, Francis Moreau wrote: >>>> Hello Zefan Li, >>>> >>>> I'm really not sure but this patch might be needed for 3.4 too. >>>> >>> >>> It looks to me this bug fix is for user namespace only and IIRC >userns was >>> introduced in 3.8, so I'm not going to apply it to 3.4. >>> >>> Same for the other patch. >> >> I don't know about the other patch, and the security issue is with >> respect to user namespaces and unprivileged mounts. The bug where >> remount can clear internal mount flags is present in 3.4. remount >has >> been broken in this way for a long time. >> >> I don't recall which mount flags you the incomplete >MNT_PROPOGATION_MASK >> but I seem to remember that if you were clever and stood on your head >> and squinted you there was at least one flag that could be cleared by >> root by accident. >> > >Thanks for the information. I'll queue it for 3.4. > >The other patch is "mnt: Correct permission checks in do_remount". >http://patchwork.ozlabs.org/patch/382813/ > >I think that's really for 3.8+. Agreed. Eric -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html