NothingOSS/android_kernel_msm-6.1_nothing_sm7635
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_msm-6.1_noth.../include
History
Eric W. Biederman 93faccbbfa fs: Better permission checking for submounts 
To support unprivileged users mounting filesystems two permission
checks have to be performed: a test to see if the user allowed to
create a mount in the mount namespace, and a test to see if
the user is allowed to access the specified filesystem.

The automount case is special in that mounting the original filesystem
grants permission to mount the sub-filesystems, to any user who
happens to stumble across the their mountpoint and satisfies the
ordinary filesystem permission checks.

Attempting to handle the automount case by using override_creds
almost works.  It preserves the idea that permission to mount
the original filesystem is permission to mount the sub-filesystem.
Unfortunately using override_creds messes up the filesystems
ordinary permission checks.

Solve this by being explicit that a mount is a submount by introducing
vfs_submount, and using it where appropriate.

vfs_submount uses a new mount internal mount flags MS_SUBMOUNT, to let
sget and friends know that a mount is a submount so they can take appropriate
action.

sget and sget_userns are modified to not perform any permission checks
on submounts.

follow_automount is modified to stop using override_creds as that
has proven problemantic.

do_mount is modified to always remove the new MS_SUBMOUNT flag so
that we know userspace will never by able to specify it.

autofs4 is modified to stop using current_real_cred that was put in
there to handle the previous version of submount permission checking.

cifs is modified to pass the mountpoint all of the way down to vfs_submount.

debugfs is modified to pass the mountpoint all of the way down to
trace_automount by adding a new parameter.  To make this change easier
a new typedef debugfs_automount_t is introduced to capture the type of
the debugfs automount function.

Cc: stable@vger.kernel.org
Fixes: 069d5ac9ae ("autofs:  Fix automounts by using current_real_cred()->uid")
Fixes: aeaa4a79ff ("fs: Call d_automount with the filesystems creds")
Reviewed-by: Trond Myklebust <trond.myklebust@primarydata.com>
Reviewed-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2017-02-02 04:36:12 +13:00
..
acpi More ACPI updates for v4.10-rc1 2016-12-22 10:19:32 -08:00
asm-generic Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
clocksource
crypto This pull contains one set of changes: a conversion of the crypto DocBook 2016-12-17 16:00:34 -08:00
drm Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
dt-bindings dt: bindings: net: use boolean dt properties for eee broken modes 2016-12-20 13:50:50 -05:00
keys
kvm clocksource: Use a plain u64 instead of cycle_t 2016-12-25 11:04:12 +01:00
linux fs: Better permission checking for submounts 2017-02-02 04:36:12 +13:00
math-emu
media [media] cec: pass parent device in register(), not allocate() 2016-11-29 12:07:17 -02:00
memory
misc
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-27 16:04:37 -08:00
pcmcia
ras
rdma Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
rxrpc
scsi linux: drop __bitwise__ everywhere 2016-12-16 00:13:41 +02:00
soc powerpc updates for 4.10 2016-12-16 09:26:42 -08:00
sound sound updates for 4.10-rc1 2016-12-14 11:14:28 -08:00
target Merge branch 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux 2016-12-21 10:16:05 -08:00
trace Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-25 14:30:04 -08:00
uapi fs: Better permission checking for submounts 2017-02-02 04:36:12 +13:00
video Merge branch 'drm/next/du' of git://linuxtv.org/pinchartl/media into drm-next 2016-11-16 09:39:21 +10:00
xen xen: features and fixes for 4.10 rc0 2016-12-13 16:07:55 -08:00
Kbuild