On 10/14/2014 07:25 AM, Seth Forshee wrote: > Unprivileged users are normally restricted from mounting with the > allow_other option by system policy, but this could be bypassed > for a mount done with user namespace root permissions. In such > cases allow_other should not allow users outside the user > namespace to access the mount as doing so would give the > unprivileged user the ability to manipulate processes it would > otherwise be unable to manipulate.
What threat is this intended to protect against? I think that, if this is needed, tasks outside the userns or its descendents should be blocked, even if the user ids match. That is, I think you should check the namespace, not the uid and gid. --Andy > > Cc: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/[email protected]> > Cc: Serge H. Hallyn <serge.hallyn-GeWIH/[email protected]> > Signed-off-by: Seth Forshee > <[email protected]> > --- > fs/fuse/dir.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c > index 123db1e06c78..e3123bfbc711 100644 > --- a/fs/fuse/dir.c > +++ b/fs/fuse/dir.c > @@ -1089,12 +1089,20 @@ int fuse_reverse_inval_entry(struct super_block *sb, > u64 parent_nodeid, > */ > int fuse_allow_current_process(struct fuse_conn *fc) > { > - const struct cred *cred; > + const struct cred *cred = current_cred(); > > - if (fc->flags & FUSE_ALLOW_OTHER) > - return 1; > + if (fc->flags & FUSE_ALLOW_OTHER) { > + if (kuid_has_mapping(fc->user_ns, cred->euid) && > + kuid_has_mapping(fc->user_ns, cred->suid) && > + kuid_has_mapping(fc->user_ns, cred->uid) && > + kgid_has_mapping(fc->user_ns, cred->egid) && > + kgid_has_mapping(fc->user_ns, cred->sgid) && > + kgid_has_mapping(fc->user_ns, cred->gid)) > + return 1; > + > + return 0; > + } > > - cred = current_cred(); > if (uid_eq(cred->euid, fc->user_id) && > uid_eq(cred->suid, fc->user_id) && > uid_eq(cred->uid, fc->user_id) && > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
