summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2014-12-06 01:14:19 +0100
committerEric W. Biederman <ebiederm@xmission.com>2014-12-10 00:08:24 +0100
commitbe7c6dba2332cef0677fbabb606e279ae76652c3 (patch)
tree52d7a02dc25a3c2ac64576a9288114d0741cc846
parentuserns: Don't allow setgroups until a gid mapping has been setablished (diff)
downloadlinux-be7c6dba2332cef0677fbabb606e279ae76652c3.tar.xz
linux-be7c6dba2332cef0677fbabb606e279ae76652c3.zip
userns: Don't allow unprivileged creation of gid mappings
As any gid mapping will allow and must allow for backwards compatibility dropping groups don't allow any gid mappings to be established without CAP_SETGID in the parent user namespace. For a small class of applications this change breaks userspace and removes useful functionality. This small class of applications includes tools/testing/selftests/mount/unprivilged-remount-test.c Most of the removed functionality will be added back with the addition of a one way knob to disable setgroups. Once setgroups is disabled setting the gid_map becomes as safe as setting the uid_map. For more common applications that set the uid_map and the gid_map with privilege this change will have no affect. This is part of a fix for CVE-2014-8989. Cc: stable@vger.kernel.org Reviewed-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-rw-r--r--kernel/user_namespace.c4
1 files changed, 0 insertions, 4 deletions
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 27c8dab48c07..1ce6d67c07b7 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -821,10 +821,6 @@ static bool new_idmap_permitted(const struct file *file,
kuid_t uid = make_kuid(ns->parent, id);
if (uid_eq(uid, file->f_cred->fsuid))
return true;
- } else if (cap_setid == CAP_SETGID) {
- kgid_t gid = make_kgid(ns->parent, id);
- if (gid_eq(gid, file->f_cred->fsgid))
- return true;
}
}