Thread (37 messages) 37 messages, 3 authors, 2020-07-22

Re: [PATCH 05/24] devtmpfs: open code ksys_chdir and ksys_chroot

From: Al Viro <viro@zeniv.linux.org.uk>
Date: 2020-07-21 17:16:33
Also in: linux-fsdevel, linux-raid, lkml

On Tue, Jul 21, 2020 at 09:49:17AM -0700, Linus Torvalds wrote:
On Tue, Jul 21, 2020 at 9:28 AM Christoph Hellwig [off-list ref] wrote:
quoted
+
+       /* traverse into overmounted root and then chroot to it */
+       if (!kern_path("/..", LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path) &&
+           !inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR) &&
+           ns_capable(current_user_ns(), CAP_SYS_CHROOT) &&
+           !security_path_chroot(&path)) {
+               set_fs_pwd(current->fs, &path);
+               set_fs_root(current->fs, &path);
+       }
+       path_put(&path);
This looks wrong.
It is wrong.  kern_path() leaves *path unmodified in case of error, and
that struct path is uninitialized here.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help