From: Seth Forshee <seth.forshee@canonical.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>,
Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Serge Hallyn <serge.hallyn@canonical.com>,
Richard Weinberger <richard.weinberger@gmail.com>,
Austin S Hemmelgarn <ahferroin7@gmail.com>,
Miklos Szeredi <miklos@szeredi.hu>,
linux-bcache@vger.kernel.org, dm-devel@redhat.com,
linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
fuse-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
Seth Forshee <seth.forshee@canonical.com>
Subject: [PATCH v2 02/18] block_dev: Check permissions towards block device inode when mounting
Date: Mon, 7 Dec 2015 15:21:11 -0600 [thread overview]
Message-ID: <1449523289-144238-3-git-send-email-seth.forshee@canonical.com> (raw)
In-Reply-To: <1449523289-144238-1-git-send-email-seth.forshee@canonical.com>
Unprivileged users should not be able to mount block devices when
they lack sufficient privileges towards the block device inode.
Update blkdev_get_by_path() to validate that the user has the
required access to the inode at the specified path. The check
will be skipped for CAP_SYS_ADMIN, so privileged mounts will
continue working as before.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
---
fs/block_dev.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 3ebbde85d898..4fdb6ab59816 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1424,9 +1424,14 @@ struct block_device *blkdev_get_by_path(const char *path, fmode_t mode,
void *holder)
{
struct block_device *bdev;
+ int perm = 0;
int err;
- bdev = lookup_bdev(path, 0);
+ if (mode & FMODE_READ)
+ perm |= MAY_READ;
+ if (mode & FMODE_WRITE)
+ perm |= MAY_WRITE;
+ bdev = lookup_bdev(path, perm);
if (IS_ERR(bdev))
return bdev;
--
1.9.1
next prev parent reply other threads:[~2015-12-07 21:23 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-07 21:21 [PATCH v2 00/19] Support fuse mounts in user namespaces Seth Forshee
2015-12-07 21:21 ` [PATCH v2 01/18] block_dev: Support checking inode permissions in lookup_bdev() Seth Forshee
2015-12-07 21:21 ` Seth Forshee [this message]
2015-12-07 21:21 ` [PATCH v2 03/18] fs: Treat foreign mounts as nosuid Seth Forshee
2015-12-07 21:21 ` [PATCH v2 04/18] selinux: Add support for unprivileged mounts from user namespaces Seth Forshee
2015-12-07 21:21 ` [PATCH v2 05/18] userns: Replace in_userns with current_in_userns Seth Forshee
2015-12-07 21:21 ` [PATCH v2 06/18] Smack: Handle labels consistently in untrusted mounts Seth Forshee
2015-12-07 21:21 ` [PATCH v2 07/18] fs: Check for invalid i_uid in may_follow_link() Seth Forshee
2015-12-07 21:21 ` [PATCH v2 08/18] cred: Reject inodes with invalid ids in set_create_file_as() Seth Forshee
2015-12-07 21:21 ` [PATCH v2 09/18] fs: Refuse uid/gid changes which don't map into s_user_ns Seth Forshee
2015-12-07 21:21 ` [PATCH v2 10/18] fs: Update posix_acl support to handle user namespace mounts Seth Forshee
2015-12-07 21:21 ` [PATCH v2 11/18] fs: Ensure the mounter of a filesystem is privileged towards its inodes Seth Forshee
2015-12-07 21:21 ` [PATCH v2 12/18] fs: Don't remove suid for CAP_FSETID in s_user_ns Seth Forshee
2015-12-07 21:21 ` [PATCH v2 13/18] fs: Allow superblock owner to access do_remount_sb() Seth Forshee
2015-12-07 21:21 ` [PATCH v2 14/18] capabilities: Allow privileged user in s_user_ns to set security.* xattrs Seth Forshee
2015-12-07 21:21 ` [PATCH v2 15/18] fuse: Add support for pid namespaces Seth Forshee
2015-12-07 21:21 ` [PATCH v2 16/18] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
2015-12-07 21:21 ` [PATCH v2 17/18] fuse: Restrict allow_other to the superblock's namespace or a descendant Seth Forshee
2015-12-07 21:21 ` [PATCH v2 18/18] fuse: Allow user namespace mounts Seth Forshee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1449523289-144238-3-git-send-email-seth.forshee@canonical.com \
--to=seth.forshee@canonical.com \
--cc=ahferroin7@gmail.com \
--cc=dm-devel@redhat.com \
--cc=ebiederm@xmission.com \
--cc=fuse-devel@lists.sourceforge.net \
--cc=linux-bcache@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-raid@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=richard.weinberger@gmail.com \
--cc=selinux@tycho.nsa.gov \
--cc=serge.hallyn@canonical.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).