From: Oleg Nesterov <oleg@redhat.com>
To: security@kernel.org, oss-security@lists.openwall.com,
Petr Matousek <pmatouse@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Andy Lutomirski <luto@amacapital.net>,
David Howells <dhowells@redhat.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure
Date: Tue, 6 Aug 2013 19:38:55 +0200 [thread overview]
Message-ID: <20130806173855.GB24908@redhat.com> (raw)
In-Reply-To: <20130806173827.GA24908@redhat.com>
unshare_userns(new_cred) does *new_cred = prepare_creds() before
create_user_ns() which can fail. However, the caller expects that
it doesn't need to take care of new_cred if unshare_userns() fails.
We could change the single caller, sys_unshare(), but I think it
would be more clean to avoid the side effects on failure, so with
this patch unshare_userns() does put_cred() itself and initializes
*new_cred only if create_user_ns() succeeeds.
Cc: stable@vger.kernel.org
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
kernel/user_namespace.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index d8c30db..6e50a44 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -105,16 +105,21 @@ int create_user_ns(struct cred *new)
int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
{
struct cred *cred;
+ int err = -ENOMEM;
if (!(unshare_flags & CLONE_NEWUSER))
return 0;
cred = prepare_creds();
- if (!cred)
- return -ENOMEM;
+ if (cred) {
+ err = create_user_ns(cred);
+ if (err)
+ put_cred(cred);
+ else
+ *new_cred = cred;
+ }
- *new_cred = cred;
- return create_user_ns(cred);
+ return err;
}
void free_user_ns(struct user_namespace *ns)
--
1.5.5.1
next parent reply other threads:[~2013-08-06 17:44 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20130806143148.GG15178@dhcp-25-225.brq.redhat.com>
[not found] ` <20130806164745.GA17343@redhat.com>
[not found] ` <20130806173827.GA24908@redhat.com>
2013-08-06 17:38 ` Oleg Nesterov [this message]
2013-08-06 18:14 ` [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Andy Lutomirski
2013-08-06 20:56 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130806173855.GB24908@redhat.com \
--to=oleg@redhat.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=oss-security@lists.openwall.com \
--cc=pmatouse@redhat.com \
--cc=security@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox