authorSerge E. Hallyn <serge.hallyn@canonical.com>2011-07-26 18:58:28 +0000
committerEric W. Biederman <ebiederm@aristanetworks.com>2011-08-11 10:07:51 -0500
commitdd1384b334fbe9144677db8612f53acae8837555 (patch)
treeb1f6477b4516dadb7eb0413ed60a098225d71f77
parenta3e1c336c2f555197ee86b60bb742636eb60e24c (diff)
userns: clamp down users of cap_raised
A few modules are using cap_raised(current_cap(), cap) to authorize actions, but the privilege should be applicable against the initial user namespace. Refuse privilege if the caller is not in init_user_ns. Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Cc: Eric W. Biederman <ebiederm@xmission.com>
-rw-r--r--drivers/block/drbd/drbd_nl.c5
-rw-r--r--drivers/md/dm-log-userspace-transfer.c3
-rw-r--r--drivers/staging/pohmelfs/config.c3
-rw-r--r--drivers/video/uvesafb.c3
4 files changed, 14 insertions, 0 deletions
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
index 515bcd948a43d..7717f8a82fa14 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -2297,6 +2297,11 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms
return;
}
+ if (current_user_ns() != &init_user_ns) {
+ retcode = ERR_PERM;
+ goto fail;
+ }
+
if (!cap_raised(current_cap(), CAP_SYS_ADMIN)) {
retcode = ERR_PERM;
goto fail;
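Review bot: The `current_user_ns() != &init_user_ns` test is open-coded in front of `cap_raised(current_cap(), CAP_SYS_ADMIN)` here and again in the cn_ulog_callback, pohmelfs_cn_callback and uvesafb_cn_callback hunks, so a later connector callback that copies only the `cap_raised()` half would lose the namespace restriction without anyone noticing. If `capable()` in this tree already evaluates the capability against init_user_ns, a single `if (!capable(CAP_SYS_ADMIN)) {` would replace both tests and would also pass through the LSM capability hook, which a bare `cap_raised()` on the credential set skips. Both tests read `current`, so they only authorize the requester while the connector delivers the message in the sending task's context; that is not visible in this hunk and is worth a comment such as `/* cn callbacks run in the sender's context, so current is the requester */`. drbd_connector_callback starts and ends outside the hunk.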
diff --git a/drivers/md/dm-log-userspace-transfer.c b/drivers/md/dm-log-userspace-transfer.c
index 1f23e048f0771..140ca81230366 100644
--- a/drivers/md/dm-log-userspace-transfer.c
+++ b/drivers/md/dm-log-userspace-transfer.c
@@ -134,6 +134,9 @@ static void cn_ulog_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp)
{
struct dm_ulog_request *tfr = (struct dm_ulog_request *)(msg + 1);
+ if (current_user_ns() != &init_user_ns)
+ return;
+
if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
return;
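Review bot: A request refused by the added `current_user_ns() != &init_user_ns` test is dropped with a bare `return`, so nothing records that a task in a non-initial user namespace tried to drive this interface; the pohmelfs_cn_callback and uvesafb_cn_callback hunks do the same, while the drbd hunk at least reports ERR_PERM. The existing `cap_raised()` refusal is equally silent, so this is consistent with the surrounding code, but a rate-limited message would make both refusals observable, for example `pr_debug_ratelimited("connector request refused: sender lacks CAP_SYS_ADMIN in init_user_ns\n");` if that helper is available in this tree. At minimum the policy should be stated above the test, e.g. `/* only CAP_SYS_ADMIN in the initial user namespace may use this interface */`. cn_ulog_callback continues past the end of the hunk.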
diff --git a/drivers/staging/pohmelfs/config.c b/drivers/staging/pohmelfs/config.c
index b6c42cb0d1c64..cd259d0f8a36e 100644
--- a/drivers/staging/pohmelfs/config.c
+++ b/drivers/staging/pohmelfs/config.c
@@ -525,6 +525,9 @@ static void pohmelfs_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *n
{
int err;
+ if (current_user_ns() != &init_user_ns)
+ return;
+
if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
return;
diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c
index 7f8472cc993b2..71dab8e7338e3 100644
--- a/drivers/video/uvesafb.c
+++ b/drivers/video/uvesafb.c
@@ -73,6 +73,9 @@ static void uvesafb_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *ns
struct uvesafb_task *utask;
struct uvesafb_ktask *task;
+ if (current_user_ns() != &init_user_ns)
+ return;
+
if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
return;