From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Serge E. Hallyn" Subject: Re: [PATCH 30/43] userns: Fail exec for suid and sgid binaries with ids outside our user namespace. Date: Wed, 18 Apr 2012 19:09:27 +0000 Message-ID: <20120418190927.GK5186@mail.hallyn.com> References: <1333862139-31737-30-git-send-email-ebiederm@xmission.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: linux-kernel@vger.kernel.org, Linux Containers , Cyrill Gorcunov , linux-security-module@vger.kernel.org, Al Viro , linux-fsdevel@vger.kernel.org, Andrew Morton , Linus Torvalds To: "Eric W. Beiderman" Return-path: Received: from 50-56-35-84.static.cloud-ips.com ([50.56.35.84]:33830 "EHLO mail.hallyn.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753391Ab2DRTI3 (ORCPT ); Wed, 18 Apr 2012 15:08:29 -0400 Content-Disposition: inline In-Reply-To: <1333862139-31737-30-git-send-email-ebiederm@xmission.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Quoting Eric W. Beiderman (ebiederm@xmission.com): > From: Eric W. Biederman > Oh, perhaps this is the right place in the thread to discuss the issue of what to do with file capabilities? I'm ok waiting until the next iteration to even discuss it, so long as we start by refusing setting of fcaps by any task not in init_user_ns. > Signed-off-by: Eric W. Biederman > --- > fs/exec.c | 5 +++++ > 1 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/fs/exec.c b/fs/exec.c > index 00ae2ef..e001bdf 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -1291,8 +1291,11 @@ int prepare_binprm(struct linux_binprm *bprm) > if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) { > /* Set-uid? */ > if (mode & S_ISUID) { > + if (!kuid_has_mapping(bprm->cred->user_ns, inode->i_uid)) > + return -EPERM; > bprm->per_clear |= PER_CLEAR_ON_SETID; > bprm->cred->euid = inode->i_uid; > + > } > > /* Set-gid? */ 
> @@ -1302,6 +1305,8 @@ int prepare_binprm(struct linux_binprm *bprm) > * executable. > */ > if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { > + if (!kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) > + return -EPERM; > bprm->per_clear |= PER_CLEAR_ON_SETID; > bprm->cred->egid = inode->i_gid; > } > -- > 1.7.2.5
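Review bot: In the first hunk (set-uid branch, @@ -1291,8 +1291,11 @@), the lone `+` line added after `bprm->cred->euid = inode->i_uid;` is a stray blank line before the closing brace and should be dropped. The new `kuid_has_mapping(bprm->cred->user_ns, inode->i_uid)` test also deserves a short comment next to the existing `/* Set-uid? */` saying why an unmapped owner fails the exec with -EPERM, since nothing in the patch as quoted here explains that choice.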
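Review bot: In the second hunk (set-gid branch, @@ -1302,6 +1305,8 @@), the `kgid_has_mapping()` failure returns -EPERM after the set-uid branch earlier in prepare_binprm() may already have assigned `bprm->cred->euid` and set `PER_CLEAR_ON_SETID`. Either confirm that callers discard `bprm->cred` on a non-zero return, or perform both mapping checks before either assignment so the function fails without partial updates. The block comment ending at `* executable.` should also mention that a set-gid file whose group has no mapping in `bprm->cred->user_ns` now fails the exec.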