From: Miklos Szeredi
Date: Thu, 10 Dec 2020 16:19:19 +0100
Subject: Re: [PATCH v2 04/10] ovl: make ioctl() safe
To: James Morris
Cc: Miklos Szeredi, "Eric W. Biederman", linux-fsdevel@vger.kernel.org, overlayfs, LSM, linux-kernel@vger.kernel.org, Dmitry Vyukov
References: <20201207163255.564116-1-mszeredi@redhat.com> <20201207163255.564116-5-mszeredi@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Dec 9, 2020 at 3:01 AM James Morris wrote:
>
> On Mon, 7 Dec 2020, Miklos Szeredi wrote:
>
> > ovl_ioctl_set_flags() does a capability check using flags, but then the
> > real ioctl double-fetches flags and uses a potentially different value.
> >
> > The "Check the capability before cred override" comment is misleading: user
> > can skip this check by presenting benign flags first and then overwriting
> > them to non-benign flags.
>
> Is this a security bug which should be fixed in stable?

Yes, good point. Added Cc: stable@...

Thanks,
Miklos
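
The double fetch described in the quoted commit message, modelled in user-space C as an added example (not code from the patch or from overlayfs). `struct user_mem`, `fetch_user`, the flag values and both `set_flags_*` functions are hypothetical stand-ins, and the racing writer is simulated deterministically.

```c
#include <stdbool.h>

/* Constructed flag values for this model, not the kernel's FS_*_FL bits. */
#define FLAG_BENIGN     0x1u
#define FLAG_PRIVILEGED 0x2u    /* stands in for a capability-gated flag */

/* User memory that a second thread rewrites between two kernel reads. */
struct user_mem {
    unsigned int value;         /* presented for the first read */
    unsigned int swapped;       /* stored by the racing writer afterwards */
    int fetches;                /* reads performed so far */
};

/* Stand-in for get_user(): the racing write lands after the first read. */
static unsigned int fetch_user(struct user_mem *m)
{
    unsigned int v = m->value;
    if (++m->fetches == 1)
        m->value = m->swapped;
    return v;
}

/* Double fetch: the check reads one value, the operation re-reads another. */
static int set_flags_double_fetch(struct user_mem *m, bool cap, unsigned int *out)
{
    unsigned int checked = fetch_user(m);
    if (!cap && (checked & FLAG_PRIVILEGED))
        return -1;
    *out = fetch_user(m);       /* second read of user-controlled memory */
    return 0;
}

/* Single fetch: copy once, then check and apply that same copy. */
static int set_flags_single_fetch(struct user_mem *m, bool cap, unsigned int *out)
{
    unsigned int flags = fetch_user(m);
    if (!cap && (flags & FLAG_PRIVILEGED))
        return -1;
    *out = flags;
    return 0;
}

int main(void)
{
    struct user_mem a = { FLAG_BENIGN, FLAG_PRIVILEGED, 0 }, b = a;
    unsigned int bad = 0, good = 0;
    set_flags_double_fetch(&a, false, &bad);
    set_flags_single_fetch(&b, false, &good);
    return !(bad == FLAG_PRIVILEGED && good == FLAG_BENIGN);
}
```

In the model, the unprivileged caller ends up with the privileged flag applied only in the double-fetch variant; the single-fetch variant applies exactly the value that was checked.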