From: Christian Brauner
To: Stéphane Graber, "Eric W. Biederman", Aleksa Sarai, Jann Horn
Cc: smbarber@chromium.org, Seth Forshee, Alexander Viro, Alexey Dobriyan, Serge Hallyn, James Morris, Kees Cook, Jonathan Corbet, Phil Estes, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, Christian Brauner
Subject: [PATCH v2 23/28] commoncap: cap_bprm_set_creds(): handle fsid mappings
Date: Fri, 14 Feb 2020 19:35:49 +0100
Message-Id: <20200214183554.1133805-24-christian.brauner@ubuntu.com>
In-Reply-To: <20200214183554.1133805-1-christian.brauner@ubuntu.com>
References: <20200214183554.1133805-1-christian.brauner@ubuntu.com>
X-Mailing-List: linux-kernel@vger.kernel.org

During exec the kfsids are currently reset to the effective kids. To retain the same semantics with the introduction of fsid mappings, we look up the userspace effective id in the id mappings and translate the effective id into the corresponding kfsid in the fsidmapping. This means the behavior is unchanged when no fsid mappings are set up and the semantics stay the same even when fsid mappings are set up.

Cc: Jann Horn
Signed-off-by: Christian Brauner
---
/* v2 */
- Christian Brauner:
  - Reset kfsids used for userns visible filesystems such as proc too.
---
 security/commoncap.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/security/commoncap.c b/security/commoncap.c index f4ee0ae106b2..9641695d8383 100644 --- a/security/commoncap.c +++ b/security/commoncap.c 
@@ -810,7 +810,10 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) struct cred *new = bprm->cred; bool effective = false, has_fcap = false, is_setid; int ret; - kuid_t root_uid; + kuid_t root_uid, kfsuid; + kgid_t kfsgid; + uid_t fsuid; + gid_t fsgid; if (WARN_ON(!cap_ambient_invariant_ok(old))) return -EPERM; @@ -847,8 +850,15 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) old->cap_permitted); } - new->suid = new->fsuid = new->euid; - new->sgid = new->fsgid = new->egid; + fsuid = from_kuid_munged(new->user_ns, new->euid); + kfsuid = make_kfsuid(new->user_ns, fsuid); + new->suid = new->kfsuid = new->euid; + new->fsuid = kfsuid; + + fsgid = from_kgid_munged(new->user_ns, new->egid); + kfsgid = make_kfsgid(new->user_ns, fsgid); + new->sgid = new->kfsgid = new->egid; + new->fsgid = kfsgid; /* File caps or setid cancels ambient. */ if (has_fcap || is_setid) -- 2.25.0
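
Review bot: In the second hunk (@@ -847,8), the values returned by make_kfsuid() and make_kfsgid() are stored in new->fsuid and new->fsgid without a uid_valid()/gid_valid() check. from_kuid_munged() substitutes the overflow id when new->euid has no mapping in new->user_ns, so in that case the fsid lookup is done on the overflow id rather than on the task's effective id; and if the lookup finds no fsid mapping, the task would leave exec with an invalid fsuid (this assumes make_kfsuid() returns INVALID_UID for an unmapped id, as make_kuid() does). Consider validating kfsuid and kfsgid and falling back to new->euid and new->egid, which would also make the commit message's "behavior is unchanged when no fsid mappings are set up" hold by construction. A short comment would help as well: the local variable kfsuid ends up in the field new->fsuid while the field new->kfsuid receives new->euid, which reads as inverted to anyone who does not already know the naming used in this series.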