summaryrefslogtreecommitdiffstats
path: root/kernel/user_namespace.c
diff options
context:
space:
mode:
authorAndy Lutomirski <luto@amacapital.net>2013-04-14 20:44:04 +0200
committerAndy Lutomirski <luto@amacapital.net>2013-04-15 03:11:32 +0200
commit41c21e351e79004dbb4efa4bc14a53a7e0af38c5 (patch)
tree09f41257304634a6f2dcf48fd99504924a5344f1 /kernel/user_namespace.c
parentuserns: Check uid_map's opener's fsuid, not the current fsuid (diff)
downloadlinux-41c21e351e79004dbb4efa4bc14a53a7e0af38c5.tar.xz
linux-41c21e351e79004dbb4efa4bc14a53a7e0af38c5.zip
userns: Changing any namespace id mappings should require privileges
Changing uid/gid/projid mappings doesn't change your id within the namespace; it reconfigures the namespace. Unprivileged programs should *not* be able to write these files. (We're also checking the privileges on the wrong task.) Given the write-once nature of these files and the other security checks, this is likely impossible to usefully exploit. Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Diffstat (limited to 'kernel/user_namespace.c')
-rw-r--r--kernel/user_namespace.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 5c16f3aa757a..e134d8f365dd 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -613,10 +613,10 @@ static ssize_t map_write(struct file *file, const char __user *buf,
if (map->nr_extents != 0)
goto out;
- /* Require the appropriate privilege CAP_SETUID or CAP_SETGID
- * over the user namespace in order to set the id mapping.
+ /*
+ * Adjusting namespace settings requires capabilities on the target.
*/
- if (cap_valid(cap_setid) && !ns_capable(ns, cap_setid))
+ if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
goto out;
/* Get a buffer */