From mboxrd@z Thu Jan  1 00:00:00 1970
From: Al Viro <viro@ZenIV.linux.org.uk>
Subject: Re: [PATCH review  4/4] vfs: Do not allow escaping from bind mounts.
Date: Fri, 10 Apr 2015 00:22:13 +0100
Message-ID: <20150409232212.GX889@ZenIV.linux.org.uk>
References: <871tncuaf6.fsf@x220.int.ebiederm.org>
 <87mw5xq7lt.fsf@x220.int.ebiederm.org>
 <87a8yqou41.fsf_-_@x220.int.ebiederm.org>
 <874moq9oyb.fsf_-_@x220.int.ebiederm.org>
 <87iod68aa3.fsf_-_@x220.int.ebiederm.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Linux Containers <containers@lists.linux-foundation.org>,
	linux-fsdevel@vger.kernel.org,
	Andy Lutomirski <luto@amacapital.net>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Richard Weinberger <richard@nod.at>,
	Andrey Vagin <avagin@openvz.org>, Jann Horn <jann@thejh.net>,
	Willy Tarreau <w@1wt.eu>, Omar Sandoval <osandov@osandov.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from zeniv.linux.org.uk ([195.92.253.2]:49249 "EHLO
	ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754841AbbDIXWQ (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Thu, 9 Apr 2015 19:22:16 -0400
Content-Disposition: inline
In-Reply-To: <87iod68aa3.fsf_-_@x220.int.ebiederm.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Wed, Apr 08, 2015 at 06:34:12PM -0500, Eric W. Biederman wrote:
> +	if (ancestor) {
> +		mark_violated_mounts(dentry, ancestor);
> +		mark_violated_mounts(target, ancestor);
> +	}

Umm...  Both sides the same way, regardless of whether it's exchange or
move?  Looks wrong...

Look:

mkdir /tmp/a
mkdir /tmp/b
mkdir /tmp/c
mkdir /tmp/b/c
touch /tmp/a/x
mount --bind /tmp/b /tmp/c
mv /tmp/a/x /tmp/b/c/x

should that make the vfsmount on /tmp/c violated?  And if so, why?