mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-27 21:03:32 +00:00
ksmbd: Fix user namespace mapping
commit7c88c1e0ab
upstream. A kernel daemon should not rely on the current thread, which is unknown and might be malicious. Before this security fix, ksmbd_override_fsids() didn't correctly override FS UID/GID which means that arbitrary user space threads could trick the kernel to impersonate arbitrary users or groups for file system access checks, leading to file system access bypass. This was found while investigating truncate support for Landlock: https://lore.kernel.org/r/CAKYAXd8fpMJ7guizOjHgxEyyjoUwPsx3jLOPZP=wPYcbhkVXqA@mail.gmail.com Fixes:e2f34481b2
("cifsd: add server-side procedures for SMB3") Cc: Hyunchul Lee <hyc.lee@gmail.com> Cc: Steve French <smfrench@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Mickaël Salaün <mic@digikod.net> Link: https://lore.kernel.org/r/20220929100447.108468-1-mic@digikod.net Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org> Acked-by: Namjae Jeon <linkinjeon@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
f287d4b702
commit
dd98fee7cf
1 changed files with 4 additions and 2 deletions
|
@ -4,6 +4,8 @@
|
|||
* Copyright (C) 2018 Namjae Jeon <linkinjeon@kernel.org>
|
||||
*/
|
||||
|
||||
#include <linux/user_namespace.h>
|
||||
|
||||
#include "smb_common.h"
|
||||
#include "server.h"
|
||||
#include "misc.h"
|
||||
|
@ -625,8 +627,8 @@ int ksmbd_override_fsids(struct ksmbd_work *work)
|
|||
if (!cred)
|
||||
return -ENOMEM;
|
||||
|
||||
cred->fsuid = make_kuid(current_user_ns(), uid);
|
||||
cred->fsgid = make_kgid(current_user_ns(), gid);
|
||||
cred->fsuid = make_kuid(&init_user_ns, uid);
|
||||
cred->fsgid = make_kgid(&init_user_ns, gid);
|
||||
|
||||
gi = groups_alloc(0);
|
||||
if (!gi) {
|
||||
|
|
Loading…
Reference in a new issue