From: Seth Forshee <seth.forshee@canonical.com>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Theodore Ts'o <tytso@mit.edu>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Serge Hallyn <serge.hallyn@canonical.com>,
Richard Weinberger <richard.weinberger@gmail.com>,
Austin S Hemmelgarn <ahferroin7@gmail.com>,
Miklos Szeredi <miklos@szeredi.hu>,
linux-bcache@vger.kernel.org, dm-devel@redhat.com,
linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org,
fuse-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Subject: Re: [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns
Date: Fri, 4 Dec 2015 14:45:32 -0600 [thread overview]
Message-ID: <20151204204532.GG147214@ubuntu-hedt> (raw)
In-Reply-To: <20151204200736.GJ3624@mail.hallyn.com>
On Fri, Dec 04, 2015 at 02:07:36PM -0600, Serge E. Hallyn wrote:
> Heh, I was looking over http://www.gossamer-threads.com/lists/linux/kernel/103611
> a little while ago :) The same question was asked 16 years ago. Apparently
> the answer then was that it was easier than fixing the code.
So it seems then that either it still isn't safe and so unprivileged
users shouldn't be allowed to do it at all, or else it's safe and we
should drop the requirement completely. I can't say which is right,
unfortunately.
>
> Quoting Theodore Ts'o (tytso@mit.edu):
> > The fact that we need CAP_SYS_RAIO for FIBMAP is pretty silly, given
> > that FIEMAP does not require privileges --- and in fact the preferred
> > interface. Why not just simply drop the requirement for privileges
> > for FIBMAP?
> >
> > (Seth, Serge, this isn't a real objection to your patch; but the fact
> > that FIBMAP requires root has always been a bit silly, and this would
> > be a great opportunity to simplify things a bit.)
> >
> > - Ted
> >
> >
> > On Fri, Dec 04, 2015 at 01:11:43PM -0600, Serge E. Hallyn wrote:
> > > Quoting Seth Forshee (seth.forshee@canonical.com):
> > > > Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
> > >
> > > Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> > >
> > > > ---
> > > > fs/ioctl.c | 2 +-
> > > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > > >
> > > > diff --git a/fs/ioctl.c b/fs/ioctl.c
> > > > index 5d01d2638ca5..45c371bed7ee 100644
> > > > --- a/fs/ioctl.c
> > > > +++ b/fs/ioctl.c
> > > > @@ -55,7 +55,7 @@ static int ioctl_fibmap(struct file *filp, int __user *p)
> > > > /* do we support this mess? */
> > > > if (!mapping->a_ops->bmap)
> > > > return -EINVAL;
> > > > - if (!capable(CAP_SYS_RAWIO))
> > > > + if (!ns_capable(filp->f_inode->i_sb->s_user_ns, CAP_SYS_RAWIO))
> > > > return -EPERM;
> > > > res = get_user(block, p);
> > > > if (res)
> > > > --
> > > > 1.9.1
> > > >
> > > > --
> > > > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > > > the body of a message to majordomo@vger.kernel.org
> > > > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > > > Please read the FAQ at http://www.tux.org/lkml/
> > > --
> > > To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> > > the body of a message to majordomo@vger.kernel.org
> > > More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-12-04 20:45 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-02 15:40 [PATCH 00/19] Support fuse mounts in user namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 01/19] block_dev: Support checking inode permissions in lookup_bdev() Seth Forshee
2015-12-04 16:26 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 02/19] block_dev: Check permissions towards block device inode when mounting Seth Forshee
2015-12-04 16:28 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 03/19] fs: Treat foreign mounts as nosuid Seth Forshee
2015-12-04 16:55 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 04/19] selinux: Add support for unprivileged mounts from user namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 05/19] userns: Replace in_userns with current_in_userns Seth Forshee
2015-12-04 17:01 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 06/19] Smack: Handle labels consistently in untrusted mounts Seth Forshee
2015-12-02 15:40 ` [PATCH 07/19] fs: Check for invalid i_uid in may_follow_link() Seth Forshee
2015-12-04 16:42 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 08/19] cred: Reject inodes with invalid ids in set_create_file_as() Seth Forshee
2015-12-04 16:49 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 09/19] fs: Refuse uid/gid changes which don't map into s_user_ns Seth Forshee
2015-12-04 17:27 ` Serge E. Hallyn
2015-12-04 17:46 ` Seth Forshee
2015-12-04 19:42 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 10/19] fs: Update posix_acl support to handle user namespace mounts Seth Forshee
2015-12-04 18:50 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 11/19] fs: Ensure the mounter of a filesystem is privileged towards its inodes Seth Forshee
2015-12-04 19:00 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 12/19] fs: Don't remove suid for CAP_FSETID in s_user_ns Seth Forshee
2015-12-04 19:02 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 13/19] fs: Allow superblock owner to access do_remount_sb() Seth Forshee
2015-12-04 19:02 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 14/19] fs: Permit FIBMAP for users with CAP_SYS_RAWIO in s_user_ns Seth Forshee
2015-12-04 19:11 ` Serge E. Hallyn
2015-12-04 20:05 ` Theodore Ts'o
2015-12-04 20:07 ` Serge E. Hallyn
2015-12-04 20:45 ` Seth Forshee [this message]
2015-12-04 23:11 ` Theodore Ts'o
2015-12-04 23:43 ` Serge E. Hallyn
2015-12-05 6:15 ` Seth Forshee
2015-12-05 0:00 ` Andreas Dilger
2015-12-02 15:40 ` [PATCH 15/19] capabilities: Allow privileged user in s_user_ns to set file caps Seth Forshee
2015-12-04 19:42 ` Serge E. Hallyn
2015-12-04 20:36 ` Seth Forshee
2015-12-04 22:05 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 16/19] fuse: Add support for pid namespaces Seth Forshee
2015-12-02 15:40 ` [PATCH 17/19] fuse: Support fuse filesystems outside of init_user_ns Seth Forshee
2015-12-04 15:38 ` Seth Forshee
2015-12-04 20:03 ` Serge E. Hallyn
2015-12-04 20:41 ` Seth Forshee
2015-12-04 21:57 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 18/19] fuse: Restrict allow_other to the superblock's namespace or a descendant Seth Forshee
2015-12-04 20:05 ` Serge E. Hallyn
2015-12-04 20:43 ` Seth Forshee
2015-12-04 21:57 ` Serge E. Hallyn
2015-12-02 15:40 ` [PATCH 19/19] fuse: Allow user namespace mounts Seth Forshee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151204204532.GG147214@ubuntu-hedt \
--to=seth.forshee@canonical.com \
--cc=ahferroin7@gmail.com \
--cc=dm-devel@redhat.com \
--cc=ebiederm@xmission.com \
--cc=fuse-devel@lists.sourceforge.net \
--cc=linux-bcache@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-raid@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=richard.weinberger@gmail.com \
--cc=selinux@tycho.nsa.gov \
--cc=serge.hallyn@canonical.com \
--cc=serge@hallyn.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).