* [PATCH] user namespaces: require cap_set{ug}id for CLONE_NEWUSER
@ 2008-12-01 18:52 Serge E. Hallyn
0 siblings, 0 replies; only message in thread
From: Serge E. Hallyn @ 2008-12-01 18:52 UTC (permalink / raw)
To: Eric W. Biederman, Linux Containers
thoughts? (patch is on top of
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6.git#next)
thanks,
-serge
Subject: [PATCH] user namespaces: require cap_set{ug}id for CLONE_NEWUSER
While ideally CLONE_NEWUSER will eventually require no
privilege, the required permission checks are currently
not there. As a result, CLONE_NEWUSER has the same effect
as a setuid(0)+setgroups(1,"0"). While we already require
CAP_SYS_ADMIN, requiring CAP_SETUID and CAP_SETGID seems
appropriate.
Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
kernel/fork.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
32c36be0621dba3bf05af3d2df843ce803d25831
diff --git a/kernel/fork.c b/kernel/fork.c
index 1dd8945..e3a85b3 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1344,7 +1344,8 @@ long do_fork(unsigned long clone_flags,
/* hopefully this check will go away when userns support is
* complete
*/
- if (!capable(CAP_SYS_ADMIN))
+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
+ !capable(CAP_SETGID))
return -EPERM;
}
--
1.1.6
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2008-12-01 18:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-12-01 18:52 [PATCH] user namespaces: require cap_set{ug}id for CLONE_NEWUSER Serge E. Hallyn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox