Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2059276ybv; Fri, 14 Feb 2020 10:39:13 -0800 (PST) X-Google-Smtp-Source: APXvYqwmf8gl1SLXPcgjbjZSOhWHgLALmD4Xvf+La5S/e2pvoHB6VAIg5DnJhLEE4i9L2DkesBsR X-Received: by 2002:a05:6808:3b4:: with SMTP id n20mr2751914oie.78.1581705553150; Fri, 14 Feb 2020 10:39:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581705553; cv=none; d=google.com; s=arc-20160816; b=YXl43EYMfSQ13NCVE4EavXzQixahQKL8FgnEMreH1ydGaWjKUqvIrlAjGaEQUXaEDK Mw5eee4akP/Qd3PP2hMVoTScherbZC9WAQd/SWU/qxRyXa9/1Jd6DcsKc7PmBT1rpUr+ JBoGyVpuf2lcJyuTJAfycZckJ2HKEoSI6GTaQmdaDmfIMBqCbQY2dDAl1kHZxUJCmT6w 94jLNY0DbdEhsR3TSqwLScNRw8EsKLa2nfLQcKEUUOUS1rxYmcbxzrt3RJ6P2dIeXiAe aOdW48/KYHamVBcclve68jBsaXiOdueReNu1e7DOETj8XA0QKl0WTM2IHlJTY1r9TtFT ay7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=MeMx9oDrUfI3h9SUmwaEXK46E2ZaZGNlb3JpwCoerL0=; b=IAAlIO4cJjVrTRk77d0t2VD2T1TCoMM+G2AQJ3sA05lPqrCGYjPUoYbHg1ML09exwu Z/XIq4+kd4dDvCn7yNg8c+6xVR4x7GJQ/A/3z3tHNtxrfPG2i3RZG6PDXyYnRgPcQZxu so+RouK4VuefAQvC8cuyRQG72McwNMyyqF2ze5k2Kxxz3naf5MpLm5+yMXu67U5MoWs4 kkkabYVfi3S+uAENs9N3cdAj7Ro5eLy0L2ovlPO/958et6H2kQgVIVE9ZinmrUNI1fMu OYOYbMhnE2nRQRmwKZsFt/6YGxwPAc6boVyY+AQoUThdS7aUtdo1iawoNFS5QN4vhILv 5cfA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o25si3399916otk.28.2020.02.14.10.39.01; Fri, 14 Feb 2020 10:39:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390263AbgBNSid (ORCPT + 99 others); Fri, 14 Feb 2020 13:38:33 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:33720 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388660AbgBNSiI (ORCPT ); Fri, 14 Feb 2020 13:38:08 -0500 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein.fritz.box) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1j2fqV-0000uO-RM; Fri, 14 Feb 2020 18:37:47 +0000 From: Christian Brauner To: =?UTF-8?q?St=C3=A9phane=20Graber?= , "Eric W. Biederman" , Aleksa Sarai , Jann Horn Cc: smbarber@chromium.org, Seth Forshee , Alexander Viro , Alexey Dobriyan , Serge Hallyn , James Morris , Kees Cook , Jonathan Corbet , Phil Estes , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, Christian Brauner Subject: [PATCH v2 13/28] sys:__sys_setresuid(): handle fsid mappings Date: Fri, 14 Feb 2020 19:35:39 +0100 Message-Id: <20200214183554.1133805-14-christian.brauner@ubuntu.com> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200214183554.1133805-1-christian.brauner@ubuntu.com> References: <20200214183554.1133805-1-christian.brauner@ubuntu.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Switch setresuid() to lookup fsids in the fsid mappings. If no fsid mappings are setup the behavior is unchanged, i.e. fsids are looked up in the id mappings. During setresuid() the kfsuid is set to the keuid corresponding the euid that is requested by userspace. If the requested euid is -1 the kfsuid is reset to the current keuid. For the latter case this means we need to lookup the corresponding userspace euid corresponding to the current keuid in the id mappings and translate this euid into the corresponding kfsuid in the fsid mappings. The kfsid to cleanly handle userns visible filesystem is set as before. We require that a user must have a valid fsid mapping for the target id. This is consistent with how the setid calls work today without fsid mappings. Signed-off-by: Christian Brauner --- /* v2 */ - Christian Brauner : - set kfsid which is used when dealing with proc permission checking --- kernel/sys.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/kernel/sys.c b/kernel/sys.c index 22eea030d9e7..54e072145146 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -654,7 +654,7 @@ long __sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) const struct cred *old; struct cred *new; int retval; - kuid_t kruid, keuid, ksuid; + kuid_t kruid, keuid, ksuid, kfsuid; kruid = make_kuid(ns, ruid); keuid = make_kuid(ns, euid); @@ -696,11 +696,21 @@ long __sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) goto error; } } - if (euid != (uid_t) -1) + if (euid != (uid_t) -1) { new->euid = keuid; + kfsuid = make_kfsuid(ns, euid); + } else { + kfsuid = kuid_to_kfsuid(new->user_ns, new->euid); + } + if (!uid_valid(kfsuid)) { + return -EINVAL; + goto error; + } + if (suid != (uid_t) -1) new->suid = ksuid; - new->fsuid = new->euid; + new->kfsuid = new->euid; + new->fsuid = kfsuid; retval = security_task_fix_setuid(new, old, LSM_SETID_RES); if (retval < 0) -- 2.25.0