mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-27 04:47:05 +00:00
Code Issues Releases Wiki Activity
No description
1189820 commits 105 branches 5097 tags 5.5 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Christian Brauner 8a404e5b89 tmpfs: verify {g,u}id mount options correctly 
[ Upstream commit 0200679fc7 ]

A while ago we received the following report:

"The other outstanding issue I noticed comes from the fact that
fsconfig syscalls may occur in a different userns than that which
called fsopen. That means that resolving the uid/gid via
current_user_ns() can save a kuid that isn't mapped in the associated
namespace when the filesystem is finally mounted. This means that it
is possible for an unprivileged user to create files owned by any
group in a tmpfs mount (since we can set the SUID bit on the tmpfs
directory), or a tmpfs that is owned by any user, including the root
group/user."

The contract for {g,u}id mount options and {g,u}id values in general set
from userspace has always been that they are translated according to the
caller's idmapping. In so far, tmpfs has been doing the correct thing.
But since tmpfs is mountable in unprivileged contexts it is also
necessary to verify that the resulting {k,g}uid is representable in the
namespace of the superblock to avoid such bugs as above.

The new mount api's cross-namespace delegation abilities are already
widely used. After having talked to a bunch of userspace this is the
most faithful solution with minimal regression risks. I know of one
users - systemd - that makes use of the new mount api in this way and
they don't set unresolable {g,u}ids. So the regression risk is minimal.

Link: https://lore.kernel.org/lkml/CALxfFW4BXhEwxR0Q5LSkg-8Vb4r2MONKCcUCVioehXQKr35eHg@mail.gmail.com
Fixes: f32356261d ("vfs: Convert ramfs, shmem, tmpfs, devtmpfs, rootfs to use the new mount API")
Reviewed-by: "Seth Forshee (DigitalOcean)" <sforshee@kernel.org>
Reported-by: Seth Jenkins <sethjenkins@google.com>
Message-Id: <20230801-vfs-fs_context-uidgid-v1-1-daf46a050bbf@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-13 09:47:57 +02:00
arch KVM: x86/mmu: Add "never" option to allow sticky disabling of nx_huge_pages 2023-09-13 09:47:56 +02:00
block blk-crypto: dynamically allocate fallback profile 2023-08-23 17:32:53 +02:00
certs KEYS: Add missing function documentation 2023-04-24 16:15:52 +03:00
crypto crypto: jitter - correct health test during initialization 2023-07-19 16:36:19 +02:00
Documentation dt-bindings: sc16is7xx: Add property to change GPIO function 2023-09-06 21:25:32 +01:00
drivers Revert "net: macsec: preserve ingress frame ordering" 2023-09-13 09:47:56 +02:00
fs iomap: Remove large folio handling in iomap_invalidate_folio() 2023-09-13 09:47:57 +02:00
include fs/nls: make load_nls() take a const parameter 2023-09-13 09:47:51 +02:00
init init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() 2023-08-08 20:04:49 +02:00
io_uring io_uring: correct check for O_TMPFILE 2023-08-16 18:32:19 +02:00
ipc Merge branch 'work.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2023-02-24 19:20:07 -08:00
kernel tracing: Introduce pipe_cpumask to avoid race on trace_pipes 2023-09-13 09:47:55 +02:00
lib sbitmap: fix batching wakeup 2023-09-13 09:47:55 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm tmpfs: verify {g,u}id mount options correctly 2023-09-13 09:47:57 +02:00
net net: Avoid address overwrite in kernel_connect 2023-09-13 09:47:56 +02:00
rust rust: macros: vtable: fix HAS_* redefinition (gen_const_name) 2023-08-23 17:32:36 +02:00
samples samples: ftrace: Save required argument registers in sample trampolines 2023-07-23 13:54:09 +02:00
scripts kbuild: rust: avoid creating temporary files 2023-07-27 08:57:06 +02:00
security security: keys: perform capable check only on privileged operations 2023-09-13 09:47:53 +02:00
sound ASoC: cs35l56: Add an ACPI match table 2023-09-13 09:47:55 +02:00
tools vmbus_testing: fix wrong python syntax for integer value comparison 2023-09-13 09:47:53 +02:00
usr initramfs: Check negative timestamp to prevent broken cpio archive 2023-04-16 17:37:01 +09:00
virt KVM: Grab a reference to KVM for VM and vCPU stats file descriptors 2023-08-03 10:26:01 +02:00
.clang-format cxl for v6.4 2023-04-30 11:51:51 -07:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for *.dtso files 2023-02-26 15:28:23 +09:00
.gitignore linux-kselftest-kunit-6.4-rc1 2023-04-24 12:31:32 -07:00
.mailmap mailmap: add entries for Ben Dooks 2023-06-19 13:19:35 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING
CREDITS MAINTAINERS: sctp: move Neil to CREDITS 2023-05-12 08:51:32 +01:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS Networking fixes for 6.4-rc8, including fixes from ipsec, bpf, 2023-06-22 17:59:51 -07:00
Makefile Linux 6.4.15 2023-09-06 21:25:33 +01:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.