Am 08.12.2014 um 23:25 schrieb Andy Lutomirski: > On Mon, Dec 8, 2014 at 2:17 PM, Richard Weinberger <richard@xxxxxx> wrote: >> Am 08.12.2014 um 23:07 schrieb Eric W. Biederman: >>> >>> setgroups is unique in not needing a valid mapping before it can be called, >>> in the case of setgroups(0, NULL) which drops all supplemental groups. >>> >>> The design of the user namespace assumes that CAP_SETGID can not actually >>> be used until a gid mapping is established. Therefore add a helper function >>> to see if the user namespace gid mapping has been established and call >>> that function in the setgroups permission check. >>> >>> This is part of the fix for CVE-2014-8989, being able to drop groups >>> without privilege using user namespaces. >>> >>> Cc: stable@xxxxxxxxxxxxxxx >>> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> >>> --- >>> include/linux/user_namespace.h | 9 +++++++++ >>> kernel/groups.c | 7 ++++++- >>> 2 files changed, 15 insertions(+), 1 deletion(-) >>> >>> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h >>> index e95372654f09..41cc26e5a350 100644 >>> --- a/include/linux/user_namespace.h >>> +++ b/include/linux/user_namespace.h >>> @@ -37,6 +37,15 @@ struct user_namespace { >>> >>> extern struct user_namespace init_user_ns; >>> >>> +static inline bool userns_gid_mappings_established(const struct user_namespace *ns) >>> +{ >>> + bool established; >>> + smp_mb__before_atomic(); >>> + established = ACCESS_ONCE(ns->gid_map.nr_extents) != 0; >>> + smp_mb__after_atomic(); >>> + return established; >>> +} >>> + >> >> Maybe this is a stupid question, but why do we need all this magic >> around established = ... ? >> The purpose of this code is to check whether ns->gid_map.nr_extents != 0 >> in a lock-free manner? >> > > See my other comment -- the ordering will matter at the end of the series. But ns->gid_map.nr_extents is not atomic, it is a plain u32. This confuses me. Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html