From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andy Lutomirski Subject: [PATCH 3.16 010/127] fs: Add a missing permission check to do_umount Date: Tue, 28 Oct 2014 11:34:05 +0800 Message-Id: <20141028033421.370870760@linuxfoundation.org> In-Reply-To: <20141028033420.925922046@linuxfoundation.org> References: <20141028033420.925922046@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: 3.16-stable review patch. If anyone has any objections, please let me know. ------------------ From: Andy Lutomirski commit a1480dcc3c706e309a88884723446f2e84fedd5b upstream. Accessing do_remount_sb should require global CAP_SYS_ADMIN, but only one of the two call sites was appropriately protected. Fixes CVE-2014-7975. Signed-off-by: Andy Lutomirski Signed-off-by: Greg Kroah-Hartman --- fs/namespace.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1374,6 +1374,8 @@ static int do_umount(struct mount *mnt, * Special case for "unmounting" root ... * we just try to remount it readonly. */ + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; down_write(&sb->s_umount); if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);