diff options
author | Josh Boyer <jwboyer@fedoraproject.org> | 2015-01-05 16:09:49 -0500 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2015-01-05 16:09:49 -0500 |
commit | 208228cebd8a9b5af5da4e12e3d90e4a03679cf0 (patch) | |
tree | 0cf4e87e7877bff42d1f3b480c2d585347ee3eba /umount-Disallow-unprivileged-mount-force.patch | |
parent | bfe354a1c3609cdd83fd0647153365ff4f81701f (diff) | |
download | kernel-208228cebd8a9b5af5da4e12e3d90e4a03679cf0.tar.gz kernel-208228cebd8a9b5af5da4e12e3d90e4a03679cf0.tar.xz kernel-208228cebd8a9b5af5da4e12e3d90e4a03679cf0.zip |
Linux v3.19-rc2
- Temporarily disable aarch64patches
- Happy New Year
Diffstat (limited to 'umount-Disallow-unprivileged-mount-force.patch')
-rw-r--r-- | umount-Disallow-unprivileged-mount-force.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/umount-Disallow-unprivileged-mount-force.patch b/umount-Disallow-unprivileged-mount-force.patch deleted file mode 100644 index a57b2c927..000000000 --- a/umount-Disallow-unprivileged-mount-force.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: "Eric W. Biederman" <ebiederm@xmission.com> -Date: Sat, 4 Oct 2014 14:44:03 -0700 -Subject: [PATCH] umount: Disallow unprivileged mount force - -Forced unmount affects not just the mount namespace but the underlying -superblock as well. Restrict forced unmount to the global root user -for now. Otherwise it becomes possible a user in a less privileged -mount namespace to force the shutdown of a superblock of a filesystem -in a more privileged mount namespace, allowing a DOS attack on root. - -Cc: stable@vger.kernel.org -Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> ---- - fs/namespace.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/fs/namespace.c b/fs/namespace.c -index 3a1a87dc33df..43b16af8af30 100644 ---- a/fs/namespace.c -+++ b/fs/namespace.c -@@ -1544,6 +1544,9 @@ SYSCALL_DEFINE2(umount, char __user *, name, int, flags) - goto dput_and_out; - if (mnt->mnt.mnt_flags & MNT_LOCKED) - goto dput_and_out; -+ retval = -EPERM; -+ if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN)) -+ goto dput_and_out; - - retval = do_umount(mnt, flags); - dput_and_out: --- -2.1.0 - |