Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964785AbbLBPv0 (ORCPT ); Wed, 2 Dec 2015 10:51:26 -0500 Received: from mail-io0-f175.google.com ([209.85.223.175]:34214 "EHLO mail-io0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758650AbbLBPmF (ORCPT ); Wed, 2 Dec 2015 10:42:05 -0500 From: Seth Forshee To: "Eric W. Biederman" , Alexander Viro Cc: Serge Hallyn , Richard Weinberger , Austin S Hemmelgarn , Miklos Szeredi , linux-bcache@vger.kernel.org, dm-devel@redhat.com, linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, fuse-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, Seth Forshee Subject: [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting Date: Wed, 2 Dec 2015 09:40:02 -0600 Message-Id: <1449070821-73820-3-git-send-email-seth.forshee@canonical.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1449070821-73820-1-git-send-email-seth.forshee@canonical.com> References: <1449070821-73820-1-git-send-email-seth.forshee@canonical.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1238 Lines: 40 Unprivileged users should not be able to mount block devices when they lack sufficient privileges towards the block device inode. Update blkdev_get_by_path() to validate that the user has the required access to the inode at the specified path. The check will be skipped for CAP_SYS_ADMIN, so privileged mounts will continue working as before. Signed-off-by: Seth Forshee --- fs/block_dev.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/block_dev.c b/fs/block_dev.c index 3ebbde85d898..4fdb6ab59816 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -1424,9 +1424,14 @@ struct block_device *blkdev_get_by_path(const char *path, fmode_t mode, void *holder) { struct block_device *bdev; + int perm = 0; int err; - bdev = lookup_bdev(path, 0); + if (mode & FMODE_READ) + perm |= MAY_READ; + if (mode & FMODE_WRITE) + perm |= MAY_WRITE; + bdev = lookup_bdev(path, perm); if (IS_ERR(bdev)) return bdev; -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/