From: "Serge E. Hallyn" <serge.hallyn@ubuntu.com>
To: Seth Forshee <seth.forshee@canonical.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Serge Hallyn <serge.hallyn@canonical.com>,
Richard Weinberger <richard.weinberger@gmail.com>,
Austin S Hemmelgarn <ahferroin7@gmail.com>,
Miklos Szeredi <miklos@szeredi.hu>,
linux-bcache@vger.kernel.org, dm-devel@redhat.com,
linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
fuse-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Subject: Re: [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting
Date: Fri, 4 Dec 2015 10:28:07 -0600 [thread overview]
Message-ID: <20151204162807.GB1722@mail.hallyn.com> (raw)
In-Reply-To: <1449070821-73820-3-git-send-email-seth.forshee@canonical.com>
On Wed, Dec 02, 2015 at 09:40:02AM -0600, Seth Forshee wrote:
> Unprivileged users should not be able to mount block devices when
> they lack sufficient privileges towards the block device inode.
> Update blkdev_get_by_path() to validate that the user has the
> required access to the inode at the specified path. The check
> will be skipped for CAP_SYS_ADMIN, so privileged mounts will
> continue working as before.
>
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> ---
> fs/block_dev.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/fs/block_dev.c b/fs/block_dev.c
> index 3ebbde85d898..4fdb6ab59816 100644
> --- a/fs/block_dev.c
> +++ b/fs/block_dev.c
> @@ -1424,9 +1424,14 @@ struct block_device *blkdev_get_by_path(const char *path, fmode_t mode,
> void *holder)
> {
> struct block_device *bdev;
> + int perm = 0;
> int err;
>
> - bdev = lookup_bdev(path, 0);
> + if (mode & FMODE_READ)
> + perm |= MAY_READ;
> + if (mode & FMODE_WRITE)
> + perm |= MAY_WRITE;
> + bdev = lookup_bdev(path, perm);
> if (IS_ERR(bdev))
> return bdev;
>
> --
> 1.9.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2015-12-04 16:28 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-02 15:40 [PATCH 00/19] Support fuse mounts in user namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev() Seth Forshee
2015-12-04 16:26 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting Seth Forshee
2015-12-04 16:28 ` Serge E. Hallyn [this message]
2015-12-02 15:40 ` [PATCH 03/19] fs: Treat foreign mounts as nosuid Seth Forshee
2015-12-04 16:55 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 04/19] selinux: Add support for unprivileged mounts from user namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 05/19] userns: Replace in_userns with current_in_userns Seth Forshee
2015-12-04 17:01 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 06/19] Smack: Handle labels consistently in untrusted mounts Seth Forshee
2015-12-02 15:40 ` [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link() Seth Forshee
2015-12-04 16:42 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as() Seth Forshee
2015-12-04 16:49 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns Seth Forshee
2015-12-04 17:27 ` Serge E. Hallyn
2015-12-04 17:46 ` Seth Forshee
2015-12-04 19:42 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts Seth Forshee
2015-12-04 18:50 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes Seth Forshee
2015-12-04 19:00 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns Seth Forshee
2015-12-04 19:02 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb() Seth Forshee
2015-12-04 19:02 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Seth Forshee
2015-12-04 19:11 ` Serge E. Hallyn
2015-12-04 20:05 ` Theodore Ts'o
2015-12-04 20:07 ` Serge E. Hallyn
2015-12-04 20:45 ` Seth Forshee
2015-12-04 23:11 ` Theodore Ts'o
2015-12-04 23:43 ` Serge E. Hallyn
2015-12-05 6:15 ` Seth Forshee
2015-12-05 0:00 ` Andreas Dilger
2015-12-02 15:40 ` [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps Seth Forshee
2015-12-04 19:42 ` Serge E. Hallyn
2015-12-04 20:36 ` Seth Forshee
2015-12-04 22:05 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 16/19] fuse: Add support for pid namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
2015-12-04 15:38 ` Seth Forshee
2015-12-04 20:03 ` Serge E. Hallyn
2015-12-04 20:41 ` Seth Forshee
2015-12-04 21:57 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant Seth Forshee
2015-12-04 20:05 ` Serge E. Hallyn
2015-12-04 20:43 ` Seth Forshee
2015-12-04 21:57 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 19/19] fuse: Allow user namespace mounts Seth Forshee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151204162807.GB1722@mail.hallyn.com \
--to=serge.hallyn@ubuntu.com \
--cc=ahferroin7@gmail.com \
--cc=dm-devel@redhat.com \
--cc=ebiederm@xmission.com \
--cc=fuse-devel@lists.sourceforge.net \
--cc=linux-bcache@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-raid@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=richard.weinberger@gmail.com \
--cc=selinux@tycho.nsa.gov \
--cc=serge.hallyn@canonical.com \
--cc=seth.forshee@canonical.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).