Commit 804733ad85b1ab68812fa438b3b4133d1d85581a
Committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
1 parent
f077e88fc9
Exists in
smarc-ti-linux-3.14.y
and in
1 other branch
userns: Don't allow unprivileged creation of gid mappings
commit be7c6dba2332cef0677fbabb606e279ae76652c3 upstream. As any gid mapping will allow and must allow for backwards compatibility dropping groups don't allow any gid mappings to be established without CAP_SETGID in the parent user namespace. For a small class of applications this change breaks userspace and removes useful functionality. This small class of applications includes tools/testing/selftests/mount/unprivilged-remount-test.c Most of the removed functionality will be added back with the addition of a one way knob to disable setgroups. Once setgroups is disabled setting the gid_map becomes as safe as setting the uid_map. For more common applications that set the uid_map and the gid_map with privilege this change will have no affect. This is part of a fix for CVE-2014-8989. Reviewed-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Showing 1 changed file with 0 additions and 5 deletions Side-by-side Diff
kernel/user_namespace.c
| ... | ... | @@ -814,11 +814,6 @@ |
| 814 | 814 | if (uid_eq(uid, file->f_cred->fsuid)) |
| 815 | 815 | return true; |
| 816 | 816 | } |
| 817 | - else if (cap_setid == CAP_SETGID) { | |
| 818 | - kgid_t gid = make_kgid(ns->parent, id); | |
| 819 | - if (gid_eq(gid, file->f_cred->fsgid)) | |
| 820 | - return true; | |
| 821 | - } | |
| 822 | 817 | } |
| 823 | 818 | |
| 824 | 819 | /* Allow anyone to set a mapping that doesn't require privilege */ |