[PATCH v4 11/21] cred: Reject inodes with invalid ids in set_create_file_as()

[PATCH v4 00/21] Support fuse mounts in user namespaces · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 03/21] fs: Allow sysfs and cgroupfs to share super blocks between user namespaces · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 06/21] fs: Treat foreign mounts as nosuid · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 08/21] userns: Replace in_userns with current_in_userns · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 09/21] Smack: Handle labels consistently in untrusted mounts · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 16/21] fs: Allow superblock owner to access do_remount_sb() · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 21/21] fuse: Allow user namespace mounts · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 01/21] fs: fix a posible leak of allocated superblock · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 04/21] block_dev: Support checking inode permissions in lookup_bdev() · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 05/21] block_dev: Check permissions towards block device inode when mounting · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 07/21] selinux: Add support for unprivileged mounts from user namespaces · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 10/21] fs: Check for invalid i_uid in may_follow_link() · Seth Forshee <hidden> · 2016-04-26
Re: [PATCH v4 10/21] fs: Check for invalid i_uid in may_follow_link() · Djalal Harouni <hidden> · 2016-05-24
[PATCH v4 11/21] cred: Reject inodes with invalid ids in set_create_file_as() · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 12/21] fs: Refuse uid/gid changes which don't map into s_user_ns · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 13/21] fs: Update posix_acl support to handle user namespace mounts · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs · Seth Forshee <hidden> · 2016-04-26
Re: [PATCH v4 17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs · James Morris <jmorris@namei.org> · 2016-04-27
[PATCH v4 15/21] fs: Don't remove suid for CAP_FSETID in s_user_ns · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 19/21] fuse: Support fuse filesystems outside of init_user_ns · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 20/21] fuse: Restrict allow_other to the superblock's namespace or a descendant · Seth Forshee <hidden> · 2016-04-26
[PATCH v4 18/21] fuse: Add support for pid namespaces · Seth Forshee <hidden> · 2016-04-26
Re: [PATCH v4 18/21] fuse: Add support for pid namespaces · Sheng Yang <hidden> · 2016-07-20
Re: [PATCH v4 18/21] fuse: Add support for pid namespaces · Seth Forshee <hidden> · 2016-07-20
Re: [PATCH v4 18/21] fuse: Add support for pid namespaces · Sheng Yang <hidden> · 2016-07-20
Re: [PATCH v4 18/21] fuse: Add support for pid namespaces · Miklos Szeredi <hidden> · 2016-07-21

STALE3619d REVIEWED: 1 (0M)

Revisions (5)

2015-12-02 v1 [diff vs current]
2015-12-07 v2 [diff vs current]
2016-01-04 v2 [diff vs current]
2016-04-22 v3 [diff vs current]
2016-04-26 v4 current

From: Seth Forshee <hidden>
Date: 2016-04-26 19:37:05
Also in: cgroups, dm-devel, linux-bcache, linux-fsdevel, lkml, selinux
Subsystem: credentials, the rest · Maintainers: Paul Moore, Linus Torvalds

Using INVALID_[UG]ID for the LSM file creation context doesn't
make sense, so return an error if the inode passed to
set_create_file_as() has an invalid id.

Signed-off-by: Seth Forshee <redacted>
Acked-by: Serge Hallyn <redacted>
---
 kernel/cred.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/cred.c b/kernel/cred.c
index 0c0cd8a62285..5f264fb5737d 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c

@@ -689,6 +689,8 @@ EXPORT_SYMBOL(set_security_override_from_ctx);
  */
 int set_create_files_as(struct cred *new, struct inode *inode)
 {
+	if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
+		return -EINVAL;
 	new->fsuid = inode->i_uid;
 	new->fsgid = inode->i_gid;
 	return security_kernel_create_files_as(new, inode);

-- 
2.7.4


______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help