AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-24 15:50:59 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
db181ce011
linux_dsm_epyc7002/include
History
Eric W. Biederman 9566d67428 mnt: Correct permission checks in do_remount 
While invesgiating the issue where in "mount --bind -oremount,ro ..."
would result in later "mount --bind -oremount,rw" succeeding even if
the mount started off locked I realized that there are several
additional mount flags that should be locked and are not.

In particular MNT_NOSUID, MNT_NODEV, MNT_NOEXEC, and the atime
flags in addition to MNT_READONLY should all be locked.  These
flags are all per superblock, can all be changed with MS_BIND,
and should not be changable if set by a more privileged user.

The following additions to the current logic are added in this patch.
- nosuid may not be clearable by a less privileged user.
- nodev  may not be clearable by a less privielged user.
- noexec may not be clearable by a less privileged user.
- atime flags may not be changeable by a less privileged user.

The logic with atime is that always setting atime on access is a
global policy and backup software and auditing software could break if
atime bits are not updated (when they are configured to be updated),
and serious performance degradation could result (DOS attack) if atime
updates happen when they have been explicitly disabled.  Therefore an
unprivileged user should not be able to mess with the atime bits set
by a more privileged user.

The additional restrictions are implemented with the addition of
MNT_LOCK_NOSUID, MNT_LOCK_NODEV, MNT_LOCK_NOEXEC, and MNT_LOCK_ATIME
mnt flags.

Taken together these changes and the fixes for MNT_LOCK_READONLY
should make it safe for an unprivileged user to create a user
namespace and to call "mount --bind -o remount,... ..." without
the danger of mount flags being changed maliciously.

Cc: stable@vger.kernel.org
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2014-07-31 17:12:34 -07:00
..
acpi ACPI / i915: ignore firmware requests for backlight change 2014-07-07 23:38:05 +02:00
asm-generic core: fix typo in percpu read_mostly section 2014-07-01 16:45:22 -04:00
clocksource
crypto
drm sound fixes for 3.16-rc4 2014-07-04 08:56:57 -07:00
dt-bindings This batch of fixes is for a handful of clock drivers from Allwinner, 2014-07-13 12:21:04 -07:00
keys
kvm
linux mnt: Correct permission checks in do_remount 2014-07-31 17:12:34 -07:00
math-emu
media Merge branch 'topic/omap3isp' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-06-12 23:04:28 -07:00
memory
misc
net neigh: sysctl - simplify address calculation of gc_* variables 2014-07-14 14:32:51 -07:00
pcmcia
ras
rdma Merge branches 'core', 'cxgb3', 'cxgb4', 'iser', 'iwpm', 'misc', 'mlx4', 'mlx5', 'noio', 'ocrdma', 'qib', 'srp' and 'usnic' into for-next 2014-06-10 10:12:14 -07:00
rxrpc
scsi SCSI for-linus on 20140705 2014-07-06 12:08:30 -07:00
sound ALSA: control: Protect user controls against concurrent access 2014-06-18 15:12:33 +02:00
target target: Report correct response length for some commands 2014-06-11 12:15:30 -07:00
trace tracing: Add __field_struct macro for TRACE_EVENT() 2014-06-21 00:18:42 -04:00
uapi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2014-07-04 08:53:53 -07:00
video Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2014-06-12 11:32:30 -07:00
xen Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-06-12 14:27:40 -07:00
Kbuild