summaryrefslogtreecommitdiffstats
path: root/userns-Only-allow-the-creator-of-the-userns-unprivil.patch
diff options
context:
space:
mode:
Diffstat (limited to 'userns-Only-allow-the-creator-of-the-userns-unprivil.patch')
-rw-r--r--userns-Only-allow-the-creator-of-the-userns-unprivil.patch54
1 files changed, 54 insertions, 0 deletions
diff --git a/userns-Only-allow-the-creator-of-the-userns-unprivil.patch b/userns-Only-allow-the-creator-of-the-userns-unprivil.patch
new file mode 100644
index 000000000..8381b14e3
--- /dev/null
+++ b/userns-Only-allow-the-creator-of-the-userns-unprivil.patch
@@ -0,0 +1,54 @@
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Wed, 26 Nov 2014 23:22:14 -0600
+Subject: [PATCH] userns: Only allow the creator of the userns unprivileged
+ mappings
+
+If you did not create the user namespace and are allowed
+to write to uid_map or gid_map you should already have the necessary
+privilege in the parent user namespace to establish any mapping
+you want so this will not affect userspace in practice.
+
+Limiting unprivileged uid mapping establishment to the creator of the
+user namespace makes it easier to verify all credentials obtained with
+the uid mapping can be obtained without the uid mapping without
+privilege.
+
+Limiting unprivileged gid mapping establishment (which is temporarily
+absent) to the creator of the user namespace also ensures that the
+combination of uid and gid can already be obtained without privilege.
+
+This is part of the fix for CVE-2014-8989.
+
+Cc: stable@vger.kernel.org
+Reviewed-by: Andy Lutomirski <luto@amacapital.net>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+---
+ kernel/user_namespace.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 9451b12a9b6c..1e34de2fbd60 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -812,14 +812,16 @@ static bool new_idmap_permitted(const struct file *file,
+ struct user_namespace *ns, int cap_setid,
+ struct uid_gid_map *new_map)
+ {
++ const struct cred *cred = file->f_cred;
+ /* Don't allow mappings that would allow anything that wouldn't
+ * be allowed without the establishment of unprivileged mappings.
+ */
+- if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1)) {
++ if ((new_map->nr_extents == 1) && (new_map->extent[0].count == 1) &&
++ uid_eq(ns->owner, cred->euid)) {
+ u32 id = new_map->extent[0].lower_first;
+ if (cap_setid == CAP_SETUID) {
+ kuid_t uid = make_kuid(ns->parent, id);
+- if (uid_eq(uid, file->f_cred->euid))
++ if (uid_eq(uid, cred->euid))
+ return true;
+ }
+ }
+--
+2.1.0
+