• Seth Forshee's avatar
    UBUNTU: SAUCE: overlayfs: Be more careful about copying up sxid files · e29f45d6
    Seth Forshee authored
    When an overlayfs filesystem's lowerdir is on a nosuid filesystem
    but the upperdir is not, it's possible to copy up an sxid file or
    stick directory into upperdir without changing the mode by
    opening the file rw in the overlayfs mount without writing to it.
    This makes it possible to bypass the nosuid restriction on the
    lowerdir mount.
    
    It's a bad idea in general to let the mounter copy up a sxid file
    if the mounter wouldn't have had permission to create the sxid
    file in the first place. Therefore change ovl_set_xattr to
    exclude these bits when initially setting the mode, then set the
    full mode after setting the user for the inode. This allows copy
    up for non-sxid files to work as before but causes copy up to
    fail for the cases where the user could not have created the sxid
    inode in upperdir.
    
    BugLink: http://bugs.launchpad.net/bugs/1534961
    BugLink: http://bugs.launchpad.net/bugs/1535150Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
    Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
    e29f45d6
copy_up.c 9.29 KB