forked from Minki/linux
ovl: check privs before decoding file handle
CAP_DAC_READ_SEARCH is required by open_by_handle_at(2) so check it in ovl_decode_real_fh() as well to prevent privilege escalation for unprivileged overlay mounts. [Amir] If the mounter is not capable in init ns, ovl_check_origin() and ovl_verify_index() will not function as expected and this will break index and nfs export features. So check capability in ovl_can_decode_fh(), to auto disable those features. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
This commit is contained in:
parent
3078d85c9a
commit
c846af050f
@ -156,6 +156,9 @@ struct dentry *ovl_decode_real_fh(struct ovl_fs *ofs, struct ovl_fh *fh,
|
||||
struct dentry *real;
|
||||
int bytes;
|
||||
|
||||
if (!capable(CAP_DAC_READ_SEARCH))
|
||||
return NULL;
|
||||
|
||||
/*
|
||||
* Make sure that the stored uuid matches the uuid of the lower
|
||||
* layer where file handle will be decoded.
|
||||
|
@ -50,6 +50,9 @@ const struct cred *ovl_override_creds(struct super_block *sb)
|
||||
*/
|
||||
int ovl_can_decode_fh(struct super_block *sb)
|
||||
{
|
||||
if (!capable(CAP_DAC_READ_SEARCH))
|
||||
return 0;
|
||||
|
||||
if (!sb->s_export_op || !sb->s_export_op->fh_to_dentry)
|
||||
return 0;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user