Re: [PATCH] fs: Add a missing permission check to do_umount

2014-10-14 Thread Andy Lutomirski
On Mon, Oct 13, 2014 at 11:53 PM, Linus Torvalds wrote: > On Tue, Oct 14, 2014 at 7:33 AM, Andy Lutomirski wrote: >> >> Linus, can you pull this? > > Pulled. You didn't mark the commit for stable. Oversight? Yeah. I'll email. > >Linus -- Andy Lutomirski AMA Capital Management, LLC

Re: [PATCH] fs: Add a missing permission check to do_umount

2014-10-14 Thread Linus Torvalds
On Tue, Oct 14, 2014 at 7:33 AM, Andy Lutomirski wrote: > > Linus, can you pull this? Pulled. You didn't mark the commit for stable. Oversight? Linus -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More

Re: [PATCH] fs: Add a missing permission check to do_umount

2014-10-14 Thread Linus Torvalds
On Tue, Oct 14, 2014 at 7:33 AM, Andy Lutomirski l...@amacapital.net wrote: Linus, can you pull this? Pulled. You didn't mark the commit for stable. Oversight? Linus -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to

Re: [PATCH] fs: Add a missing permission check to do_umount

2014-10-14 Thread Andy Lutomirski
On Mon, Oct 13, 2014 at 11:53 PM, Linus Torvalds torva...@linux-foundation.org wrote: On Tue, Oct 14, 2014 at 7:33 AM, Andy Lutomirski l...@amacapital.net wrote: Linus, can you pull this? Pulled. You didn't mark the commit for stable. Oversight? Yeah. I'll email. Linus -- Andy

Re: [PATCH] fs: Add a missing permission check to do_umount

2014-10-13 Thread Andy Lutomirski
On Thu, Oct 9, 2014 at 3:36 PM, Andy Lutomirski wrote: > On Wed, Oct 8, 2014 at 12:37 PM, Andy Lutomirski wrote: >> Accessing do_remount_sb should require global CAP_SYS_ADMIN, but >> only one of the two call sites was appropriately protected. >> >> Fixes CVE-2014-7975. > > Due to my ineptitude,

Re: [PATCH] fs: Add a missing permission check to do_umount

2014-10-13 Thread Andy Lutomirski
On Thu, Oct 9, 2014 at 3:36 PM, Andy Lutomirski l...@amacapital.net wrote: On Wed, Oct 8, 2014 at 12:37 PM, Andy Lutomirski l...@amacapital.net wrote: Accessing do_remount_sb should require global CAP_SYS_ADMIN, but only one of the two call sites was appropriately protected. Fixes

Re: [PATCH] fs: Add a missing permission check to do_umount

2014-10-09 Thread Andy Lutomirski
On Wed, Oct 8, 2014 at 12:37 PM, Andy Lutomirski wrote: > Accessing do_remount_sb should require global CAP_SYS_ADMIN, but > only one of the two call sites was appropriately protected. > > Fixes CVE-2014-7975. Due to my ineptitude, the cat is well and truly out of the bag on this one, complete

Re: [PATCH] fs: Add a missing permission check to do_umount

2014-10-09 Thread Andy Lutomirski
On Wed, Oct 8, 2014 at 12:37 PM, Andy Lutomirski l...@amacapital.net wrote: Accessing do_remount_sb should require global CAP_SYS_ADMIN, but only one of the two call sites was appropriately protected. Fixes CVE-2014-7975. Due to my ineptitude, the cat is well and truly out of the bag on this