[PATCH][V2] vfs: Use upper filesystem inode in bprm_fill_uid()

[PATCH][V2] vfs: Use upper filesystem inode in bprm_fill_uid()

[Vivek Goyal]

Right now bprm_fill_uid() uses inode fetched from file_inode(bprm->file).
This in turn returns inode of lower filesystem (in a stacked filesystem
setup).

I was playing with modified patches of shiftfs posted by james bottomley
and realized that through shiftfs setuid bit does not take effect. And
reason being that we fetch uid/gid from inode of lower fs (and not from
shiftfs inode). And that results in following checks failing.

/* We ignore suid/sgid if there are no mappings for them in the ns */
if (!kuid_has_mapping(bprm->cred->user_ns, uid) ||
    !kgid_has_mapping(bprm->cred->user_ns, gid))
	return;

uid/gid fetched from lower fs inode might not be mapped inside the user
namespace of container. So we need to look at uid/gid fetched from
upper filesystem (shiftfs in this particular case) and these should be
mapped and setuid bit can take affect.
 
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
 fs/exec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: rhvgoyal-linux/fs/exec.c
===================================================================
--- rhvgoyal-linux.orig/fs/exec.c	2017-02-13 15:22:57.107114781 -0500
+++ rhvgoyal-linux/fs/exec.c	2017-02-13 15:24:19.568114781 -0500
@@ -1479,7 +1479,7 @@ static void bprm_fill_uid(struct linux_b
 	if (task_no_new_privs(current))
 		return;
 
-	inode = file_inode(bprm->file);
+	inode = bprm->file->f_path.dentry->d_inode;
 	mode = READ_ONCE(inode->i_mode);
 	if (!(mode & (S_ISUID|S_ISGID)))
 		return;

Re: [PATCH][V2] vfs: Use upper filesystem inode in bprm_fill_uid()

[Eric W. Biederman]

Vivek Goyal <vgoyal@redhat.com> writes:

> Right now bprm_fill_uid() uses inode fetched from file_inode(bprm->file).
> This in turn returns inode of lower filesystem (in a stacked filesystem
> setup).
>
> I was playing with modified patches of shiftfs posted by james bottomley
> and realized that through shiftfs setuid bit does not take effect. And
> reason being that we fetch uid/gid from inode of lower fs (and not from
> shiftfs inode). And that results in following checks failing.
>
> /* We ignore suid/sgid if there are no mappings for them in the ns */
> if (!kuid_has_mapping(bprm->cred->user_ns, uid) ||
>     !kgid_has_mapping(bprm->cred->user_ns, gid))
> 	return;
>
> uid/gid fetched from lower fs inode might not be mapped inside the user
> namespace of container. So we need to look at uid/gid fetched from
> upper filesystem (shiftfs in this particular case) and these should be
> mapped and setuid bit can take affect.
>  
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>

Applied thanks,

Eric

> ---
>  fs/exec.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: rhvgoyal-linux/fs/exec.c
> ===================================================================
> --- rhvgoyal-linux.orig/fs/exec.c	2017-02-13 15:22:57.107114781 -0500
> +++ rhvgoyal-linux/fs/exec.c	2017-02-13 15:24:19.568114781 -0500
> @@ -1479,7 +1479,7 @@ static void bprm_fill_uid(struct linux_b
>  	if (task_no_new_privs(current))
>  		return;
>  
> -	inode = file_inode(bprm->file);
> +	inode = bprm->file->f_path.dentry->d_inode;
>  	mode = READ_ONCE(inode->i_mode);
>  	if (!(mode & (S_ISUID|S_ISGID)))
>  		return;