[PATCH v4 05/21] block_dev: Check permissions towards block device inode when mounting

linux-bcache.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Seth Forshee <seth.forshee@canonical.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Serge Hallyn <serge.hallyn@canonical.com>,
	Richard Weinberger <richard.weinberger@gmail.com>,
	Austin S Hemmelgarn <ahferroin7@gmail.com>,
	Miklos Szeredi <mszeredi@redhat.com>,
	Pavel Tikhomirov <ptikhomirov@virtuozzo.com>,
	linux-kernel@vger.kernel.org, linux-bcache@vger.kernel.org,
	dm-devel@redhat.com, linux-raid@vger.kernel.org,
	linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
	fuse-devel@lists.sourceforge.net,
	linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
	cgroups@vger.kernel.org,
	Seth Forshee <seth.forshee@canonical.com>
Subject: [PATCH v4 05/21] block_dev: Check permissions towards block device inode when mounting
Date: Tue, 26 Apr 2016 14:36:18 -0500	[thread overview]
Message-ID: <1461699396-33000-6-git-send-email-seth.forshee@canonical.com> (raw)
In-Reply-To: <1461699396-33000-1-git-send-email-seth.forshee@canonical.com>

Unprivileged users should not be able to mount block devices when
they lack sufficient privileges towards the block device inode.
Update blkdev_get_by_path() to validate that the user has the
required access to the inode at the specified path. The check
will be skipped for CAP_SYS_ADMIN, so privileged mounts will
continue working as before.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
---
 fs/block_dev.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/block_dev.c b/fs/block_dev.c
index e9b937845bdb..2007040afb7b 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1429,9 +1429,14 @@ struct block_device *blkdev_get_by_path(const char *path, fmode_t mode,
 					void *holder)
 {
 	struct block_device *bdev;
+	int perm = 0;
 	int err;
 
-	bdev = lookup_bdev(path, 0);
+	if (mode & FMODE_READ)
+		perm |= MAY_READ;
+	if (mode & FMODE_WRITE)
+		perm |= MAY_WRITE;
+	bdev = lookup_bdev(path, perm);
 	if (IS_ERR(bdev))
 		return bdev;
 
-- 
2.7.4

next prev parent reply	other threads:[~2016-04-26 19:36 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-26 19:36 [PATCH v4 00/21] Support fuse mounts in user namespaces Seth Forshee
2016-04-26 19:36 ` [PATCH v4 01/21] fs: fix a posible leak of allocated superblock Seth Forshee
2016-04-26 19:36 ` [PATCH v4 04/21] block_dev: Support checking inode permissions in lookup_bdev() Seth Forshee
2016-04-26 19:36 ` Seth Forshee [this message]
2016-04-26 19:36 ` [PATCH v4 06/21] fs: Treat foreign mounts as nosuid Seth Forshee
2016-04-26 19:36 ` [PATCH v4 08/21] userns: Replace in_userns with current_in_userns Seth Forshee
2016-04-26 19:36 ` [PATCH v4 09/21] Smack: Handle labels consistently in untrusted mounts Seth Forshee
2016-04-26 19:36 ` [PATCH v4 10/21] fs: Check for invalid i_uid in may_follow_link() Seth Forshee
2016-05-24 15:55   ` Djalal Harouni
2016-04-26 19:36 ` [PATCH v4 11/21] cred: Reject inodes with invalid ids in set_create_file_as() Seth Forshee
2016-04-26 19:36 ` [PATCH v4 15/21] fs: Don't remove suid for CAP_FSETID in s_user_ns Seth Forshee
     [not found] ` <1461699396-33000-1-git-send-email-seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
2016-04-26 19:36   ` [PATCH v4 02/21] fs: Remove check of s_user_ns for existing mounts in fs_fully_visible() Seth Forshee
2016-04-26 19:36   ` [PATCH v4 03/21] fs: Allow sysfs and cgroupfs to share super blocks between user namespaces Seth Forshee
2016-04-26 19:36   ` [PATCH v4 07/21] selinux: Add support for unprivileged mounts from " Seth Forshee
2016-04-26 19:36   ` [PATCH v4 12/21] fs: Refuse uid/gid changes which don't map into s_user_ns Seth Forshee
2016-04-26 19:36   ` [PATCH v4 13/21] fs: Update posix_acl support to handle user namespace mounts Seth Forshee
2016-04-26 19:36   ` [PATCH v4 14/21] fs: Allow superblock owner to change ownership of inodes with unmappable ids Seth Forshee
2016-04-26 19:36   ` [PATCH v4 16/21] fs: Allow superblock owner to access do_remount_sb() Seth Forshee
2016-04-26 19:36   ` [PATCH v4 17/21] capabilities: Allow privileged user in s_user_ns to set security.* xattrs Seth Forshee
     [not found]     ` <1461699396-33000-18-git-send-email-seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
2016-04-27  7:22       ` James Morris
2016-04-26 19:36   ` [PATCH v4 18/21] fuse: Add support for pid namespaces Seth Forshee
2016-07-20  2:44     ` Sheng Yang
     [not found]       ` <CA+2rt426_pshAauQizcxkfAq16vmEpB4sJ4genW_ucosH3j=zQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-07-20 12:52         ` Seth Forshee
2016-07-20 22:28           ` Sheng Yang
2016-07-21  7:25           ` Miklos Szeredi
2016-04-26 19:36   ` [PATCH v4 19/21] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
2016-04-26 19:36 ` [PATCH v4 20/21] fuse: Restrict allow_other to the superblock's namespace or a descendant Seth Forshee
2016-04-26 19:36 ` [PATCH v4 21/21] fuse: Allow user namespace mounts Seth Forshee

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e9b937845bd dfblob:2007040afb7 )
 OR (
bs:"[PATCH v4 05/21] block_dev: Check permissions towards block device inode when mounting" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1461699396-33000-6-git-send-email-seth.forshee@canonical.com \
    --to=seth.forshee@canonical.com \
    --cc=ahferroin7@gmail.com \
    --cc=cgroups@vger.kernel.org \
    --cc=dm-devel@redhat.com \
    --cc=ebiederm@xmission.com \
    --cc=fuse-devel@lists.sourceforge.net \
    --cc=linux-bcache@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mtd@lists.infradead.org \
    --cc=linux-raid@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mszeredi@redhat.com \
    --cc=ptikhomirov@virtuozzo.com \
    --cc=richard.weinberger@gmail.com \
    --cc=selinux@tycho.nsa.gov \
    --cc=serge.hallyn@canonical.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).