diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2013-04-14 13:47:02 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-04-25 12:51:23 -0700 |
| commit | d2b12161ea5208d87dae24bcc5f3fed9da79262e (patch) | |
| tree | b1fe0dbb9d53fc27cdf348b6d91a2a80084b3dec /lib/flex_array.c | |
| parent | 73f25feefdcc89cce395b86e135e0936cbd2c7ae (diff) | |
userns: Don't let unprivileged users trick privileged users into setting the id_map
commit 6708075f104c3c9b04b23336bb0366ca30c3931b upstream.
When we require privilege for setting /proc/<pid>/uid_map or
/proc/<pid>/gid_map no longer allow an unprivileged user to
open the file and pass it to a privileged program to write
to the file.
Instead when privilege is required require both the opener and the
writer to have the necessary capabilities.
I have tested this code and verified that setting /proc/<pid>/uid_map
fails when an unprivileged user opens the file and a privielged user
attempts to set the mapping, that unprivileged users can still map
their own id, and that a privileged users can still setup an arbitrary
mapping.
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib/flex_array.c')
0 files changed, 0 insertions, 0 deletions