leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

LSM: SafeSetID: fix userns handling in securityfs

Browse Source 
Looking at current_cred() in write handlers is bad form, stop doing that.

Also, let's just require that the write is coming from the initial user
namespace. Especially SAFESETID_WHITELIST_FLUSH requires privilege over all
namespaces, and SAFESETID_WHITELIST_ADD should probably require it as well.

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Micah Morton <mortonm@chromium.org>
This commit is contained in:
Jann Horn 2019-04-10 09:55:58 -07:00 committed by Micah Morton
parent 78ae7df96d
commit 71a98971b9
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
security/safesetid/securityfs.c
View File

@ -59,8 +59,8 @@ static int parse_policy_line(
if (ret) if (ret)
return ret; return ret;
*parent = make_kuid(current_user_ns(), parsed_parent); *parent = make_kuid(file->f_cred->user_ns, parsed_parent);
*child = make_kuid(current_user_ns(), parsed_child); *child = make_kuid(file->f_cred->user_ns, parsed_child);
if (!uid_valid(*parent) || !uid_valid(*child)) if (!uid_valid(*parent) || !uid_valid(*child))
return -EINVAL; return -EINVAL;
@ -92,7 +92,7 @@ static ssize_t safesetid_file_write(struct file *file,
kuid_t child; kuid_t child;
int ret; int ret;
if (!ns_capable(current_user_ns(), CAP_MAC_ADMIN)) if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN))
return -EPERM; return -EPERM;
if (*ppos != 0) if (*ppos != 0)