Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754697AbbGPNHP (ORCPT ); Thu, 16 Jul 2015 09:07:15 -0400 Received: from mail-ob0-f173.google.com ([209.85.214.173]:35130 "EHLO mail-ob0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753301AbbGPNHL (ORCPT ); Thu, 16 Jul 2015 09:07:11 -0400 Date: Thu, 16 Jul 2015 08:06:07 -0500 From: Seth Forshee To: Andy Lutomirski Cc: "Eric W. Biederman" , "Serge E. Hallyn" , Alexander Viro , Serge Hallyn , James Morris , Linux FS Devel , LSM List , SELinux-NSA , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH 3/7] fs: Ignore file caps in mounts from other user namespaces Message-ID: <20150716130607.GA77715@ubuntu-hedt> References: <1436989569-69582-1-git-send-email-seth.forshee@canonical.com> <1436989569-69582-4-git-send-email-seth.forshee@canonical.com> <20150715214848.GA24204@mail.hallyn.com> <87wpy1camr.fsf@x220.int.ebiederm.org> <20150716011410.GA74046@ubuntu-hedt> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 867 Lines: 18 On Wed, Jul 15, 2015 at 06:23:01PM -0700, Andy Lutomirski wrote: > > So if we have the s_user_ns check in get_file_caps the mnt_may_suid pass > > isn't strictly necessary, but I still think it is useful as a mitigation > > to the "leaks" Eric mentions. It _should_ be impossible for a user to > > gain access to another user's mount namespace, > > No, it's very easy with SCM_RIGHTS. We should make sure it's safe. Sure, what I really meant was that an attacker shouldn't be able to do so without cooperation from the other user's processes. But I think we're all in agreement that making it safe is a good idea. Seth -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/