Commit bb825fea authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Luis Henriques

umount: Disallow unprivileged mount force

commit b2f5d4dc upstream.

Forced unmount affects not just the mount namespace but the underlying
superblock as well.  Restrict forced unmount to the global root user
for now.  Otherwise it becomes possible a user in a less privileged
mount namespace to force the shutdown of a superblock of a filesystem
in a more privileged mount namespace, allowing a DOS attack on root.
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
parent 0f8730f4
...@@ -1448,6 +1448,9 @@ SYSCALL_DEFINE2(umount, char __user *, name, int, flags) ...@@ -1448,6 +1448,9 @@ SYSCALL_DEFINE2(umount, char __user *, name, int, flags)
goto dput_and_out; goto dput_and_out;
if (mnt->mnt.mnt_flags & MNT_LOCKED) if (mnt->mnt.mnt_flags & MNT_LOCKED)
goto dput_and_out; goto dput_and_out;
retval = -EPERM;
if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
goto dput_and_out;
retval = do_umount(mnt, flags); retval = do_umount(mnt, flags);
dput_and_out: dput_and_out:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment