Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756730AbbLDV52 (ORCPT ); Fri, 4 Dec 2015 16:57:28 -0500 Received: from h2.hallyn.com ([78.46.35.8]:46971 "EHLO h2.hallyn.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754867AbbLDV5Y (ORCPT ); Fri, 4 Dec 2015 16:57:24 -0500 Date: Fri, 4 Dec 2015 15:57:22 -0600 From: "Serge E. Hallyn" To: Seth Forshee Cc: "Serge E. Hallyn" , "Eric W. Biederman" , Miklos Szeredi , Alexander Viro , Serge Hallyn , Richard Weinberger , Austin S Hemmelgarn , linux-bcache@vger.kernel.org, dm-devel@redhat.com, linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, fuse-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov Subject: Re: [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant Message-ID: <20151204215722.GB5699@mail.hallyn.com> References: <1449070821-73820-1-git-send-email-seth.forshee@canonical.com> <1449070821-73820-19-git-send-email-seth.forshee@canonical.com> <20151204200541.GI3624@mail.hallyn.com> <20151204204319.GF147214@ubuntu-hedt> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20151204204319.GF147214@ubuntu-hedt> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1946 Lines: 49 On Fri, Dec 04, 2015 at 02:43:19PM -0600, Seth Forshee wrote: > On Fri, Dec 04, 2015 at 02:05:41PM -0600, Serge E. Hallyn wrote: > > Quoting Seth Forshee (seth.forshee@canonical.com): > > > Unprivileged users are normally restricted from mounting with the > > > allow_other option by system policy, but this could be bypassed > > > for a mount done with user namespace root permissions. In such > > > cases allow_other should not allow users outside the userns > > > to access the mount as doing so would give the unprivileged user > > > the ability to manipulate processes it would otherwise be unable > > > to manipulate. Restrict allow_other to apply to users in the same > > > userns used at mount or a descendant of that namespace. > > > > > > Signed-off-by: Seth Forshee > > > --- > > > fs/fuse/dir.c | 10 ++++++++-- > > > 1 file changed, 8 insertions(+), 2 deletions(-) > > > > > > diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c > > > index f67f4dd86b36..5b8edb1203b8 100644 > > > --- a/fs/fuse/dir.c > > > +++ b/fs/fuse/dir.c > > > @@ -1018,8 +1018,14 @@ int fuse_allow_current_process(struct fuse_conn *fc) > > > { > > > const struct cred *cred; > > > > > > - if (fc->flags & FUSE_ALLOW_OTHER) > > > - return 1; > > > + if (fc->flags & FUSE_ALLOW_OTHER) { > > > + struct user_namespace *ns; > > > + for (ns = current_user_ns(); ns; ns = ns->parent) { > > > + if (ns == fc->user_ns) > > > + return 1; > > > + } > > > > use current_in_userns() ? > > Yes, it should. I wrote this before I wrote the patch which adds that > function and never thought to go back to change it here. Ok - Acked-by: Serge Hallyn thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/