Commit 41c21e35 authored by Andy Lutomirski

userns: Changing any namespace id mappings should require privileges

Changing uid/gid/projid mappings doesn't change your id within the
namespace; it reconfigures the namespace.  Unprivileged programs should
*not* be able to write these files.  (We're also checking the privileges
on the wrong task.)

Given the write-once nature of these files and the other security
checks, this is likely impossible to usefully exploit.
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
parent e3211c12
...@@ -613,10 +613,10 @@ static ssize_t map_write(struct file *file, const char __user *buf, ...@@ -613,10 +613,10 @@ static ssize_t map_write(struct file *file, const char __user *buf,
if (map->nr_extents != 0) if (map->nr_extents != 0)
goto out; goto out;
/* Require the appropriate privilege CAP_SETUID or CAP_SETGID /*
* over the user namespace in order to set the id mapping. * Adjusting namespace settings requires capabilities on the target.
*/ */
if (cap_valid(cap_setid) && !ns_capable(ns, cap_setid)) if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
goto out; goto out;
/* Get a buffer */ /* Get a buffer */
......
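Review bot: the new check `if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))` is still gated on `cap_valid(cap_setid)`, so a caller that passes an invalid cap_setid skips the CAP_SYS_ADMIN test entirely; the commit message says "any" mapping file (uid, gid and projid) should require privilege, and projid has no CAP_SET* counterpart to pass here, so that path would remain unprivileged. Since the capability being tested no longer depends on cap_setid, the guard should go: `if (!file_ns_capable(file, ns, CAP_SYS_ADMIN))`. Using `file_ns_capable(file, ...)` does address the "wrong task" point in the message by checking the credentials of whoever opened the file rather than the current writer, but the rewritten comment `* Adjusting namespace settings requires capabilities on the target.` no longer says which capability or whose; consider `requires CAP_SYS_ADMIN over the target user namespace, held by the opener of the file` so the comment matches the code.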