Re: [PATCH 05/24] devtmpfs: open code ksys_chdir and ksys_chroot
From: Al Viro <viro@zeniv.linux.org.uk>
Date: 2020-07-21 17:16:33
Also in:
linux-fsdevel, linux-raid, lkml
From: Al Viro <viro@zeniv.linux.org.uk>
Date: 2020-07-21 17:16:33
Also in:
linux-fsdevel, linux-raid, lkml
On Tue, Jul 21, 2020 at 09:49:17AM -0700, Linus Torvalds wrote:
On Tue, Jul 21, 2020 at 9:28 AM Christoph Hellwig [off-list ref] wrote:quoted
+ + /* traverse into overmounted root and then chroot to it */ + if (!kern_path("/..", LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path) && + !inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR) && + ns_capable(current_user_ns(), CAP_SYS_CHROOT) && + !security_path_chroot(&path)) { + set_fs_pwd(current->fs, &path); + set_fs_root(current->fs, &path); + } + path_put(&path);This looks wrong.
It is wrong. kern_path() leaves *path unmodified in case of error, and that struct path is uninitialized here.