From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ig0-f171.google.com ([209.85.213.171]:37333 "EHLO mail-ig0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752316AbcADSEr (ORCPT ); Mon, 4 Jan 2016 13:04:47 -0500 Received: by mail-ig0-f171.google.com with SMTP id to18so224107657igc.0 for ; Mon, 04 Jan 2016 10:04:47 -0800 (PST) From: Seth Forshee To: "Eric W. Biederman" , Miklos Szeredi Cc: Alexander Viro , Serge Hallyn , Richard Weinberger , Austin S Hemmelgarn , linux-kernel@vger.kernel.org, linux-bcache@vger.kernel.org, dm-devel@redhat.com, linux-raid@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, fuse-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, Seth Forshee Subject: [PATCH RESEND v2 17/18] fuse: Restrict allow_other to the superblock's namespace or a descendant Date: Mon, 4 Jan 2016 12:03:56 -0600 Message-Id: <1451930639-94331-18-git-send-email-seth.forshee@canonical.com> In-Reply-To: <1451930639-94331-1-git-send-email-seth.forshee@canonical.com> References: <1451930639-94331-1-git-send-email-seth.forshee@canonical.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Unprivileged users are normally restricted from mounting with the allow_other option by system policy, but this could be bypassed for a mount done with user namespace root permissions. In such cases allow_other should not allow users outside the userns to access the mount as doing so would give the unprivileged user the ability to manipulate processes it would otherwise be unable to manipulate. Restrict allow_other to apply to users in the same userns used at mount or a descendant of that namespace. Signed-off-by: Seth Forshee Acked-by: Serge Hallyn --- fs/fuse/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c index 8fd9fe4dcd43..24e4cdb554f1 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1015,7 +1015,7 @@ int fuse_allow_current_process(struct fuse_conn *fc) const struct cred *cred; if (fc->flags & FUSE_ALLOW_OTHER) - return 1; + return current_in_userns(fc->user_ns); cred = current_cred(); if (uid_eq(cred->euid, fc->user_id) && -- 1.9.1