From: Oleg Nesterov <oleg@redhat.com>
To: security@kernel.org, oss-security@lists.openwall.com,
Petr Matousek <pmatouse@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Andy Lutomirski <luto@amacapital.net>,
David Howells <dhowells@redhat.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure
Date: Tue, 6 Aug 2013 19:38:55 +0200 [thread overview]
Message-ID: <20130806173855.GB24908@redhat.com> (raw)
In-Reply-To: <20130806173827.GA24908@redhat.com>
unshare_userns(new_cred) does *new_cred = prepare_creds() before
create_user_ns() which can fail. However, the caller expects that
it doesn't need to take care of new_cred if unshare_userns() fails.
We could change the single caller, sys_unshare(), but I think it
would be more clean to avoid the side effects on failure, so with
this patch unshare_userns() does put_cred() itself and initializes
*new_cred only if create_user_ns() succeeeds.
Cc: stable@vger.kernel.org
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
kernel/user_namespace.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index d8c30db..6e50a44 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -105,16 +105,21 @@ int create_user_ns(struct cred *new)
int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
{
struct cred *cred;
+ int err = -ENOMEM;
if (!(unshare_flags & CLONE_NEWUSER))
return 0;
cred = prepare_creds();
- if (!cred)
- return -ENOMEM;
+ if (cred) {
+ err = create_user_ns(cred);
+ if (err)
+ put_cred(cred);
+ else
+ *new_cred = cred;
+ }
- *new_cred = cred;
- return create_user_ns(cred);
+ return err;
}
void free_user_ns(struct user_namespace *ns)
--
1.5.5.1
next parent reply other threads:[~2013-08-06 17:44 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20130806143148.GG15178@dhcp-25-225.brq.redhat.com>
[not found] ` <20130806164745.GA17343@redhat.com>
[not found] ` <20130806173827.GA24908@redhat.com>
2013-08-06 17:38 ` Oleg Nesterov [this message]
2013-08-06 18:14 ` [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Andy Lutomirski
2013-08-06 20:56 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130806173855.GB24908@redhat.com \
--to=oleg@redhat.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=oss-security@lists.openwall.com \
--cc=pmatouse@redhat.com \
--cc=security@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.