Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

userns: For /proc/self/{uid,gid}_map derive the lower userns from the struct file

To keep things sane in the context of file descriptor passing derive the
user namespace that uids are mapped into from the opener of the file
instead of from current.

When writing to the maps file the lower user namespace must always
be the parent user namespace, or setting the mapping simply does
not make sense.  Enforce that the opener of the file was in
the parent user namespace or the user namespace whose mapping
is being set.

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Eric W. Biederman 13 years ago
parent
e9f238c304
commit
c450f371d4
1 changed files with 10 additions and 2 deletions
Split View Show Diff Stats
  1. 10 2
      kernel/user_namespace.c

+ 10 - 2
kernel/user_namespace.c
View File 

@@ -391,7 +391,7 @@ static int uid_m_show(struct seq_file *seq, void *v)
 
 	struct user_namespace *lower_ns;
 
 	uid_t lower;
 
 
-	lower_ns = current_user_ns();
 
+	lower_ns = seq_user_ns(seq);
 
 	if ((lower_ns == ns) && lower_ns->parent)
 
 		lower_ns = lower_ns->parent;
 
 
@@ -412,7 +412,7 @@ static int gid_m_show(struct seq_file *seq, void *v)
 
 	struct user_namespace *lower_ns;
 
 	gid_t lower;
 
 
-	lower_ns = current_user_ns();
 
+	lower_ns = seq_user_ns(seq);
 
 	if ((lower_ns == ns) && lower_ns->parent)
 
 		lower_ns = lower_ns->parent;
 
 
@@ -688,10 +688,14 @@ ssize_t proc_uid_map_write(struct file *file, const char __user *buf, size_t siz
 
 {
 
 	struct seq_file *seq = file->private_data;
 
 	struct user_namespace *ns = seq->private;
 
+	struct user_namespace *seq_ns = seq_user_ns(seq);
 
 
 	if (!ns->parent)
 
 		return -EPERM;
 
 
+	if ((seq_ns != ns) && (seq_ns != ns->parent))
 
+		return -EPERM;
 
+
 
 	return map_write(file, buf, size, ppos, CAP_SETUID,
 
 			 &ns->uid_map, &ns->parent->uid_map);
 
 }
 
@@ -700,10 +704,14 @@ ssize_t proc_gid_map_write(struct file *file, const char __user *buf, size_t siz
 
 {
 
 	struct seq_file *seq = file->private_data;
 
 	struct user_namespace *ns = seq->private;
 
+	struct user_namespace *seq_ns = seq_user_ns(seq);
 
 
 	if (!ns->parent)
 
 		return -EPERM;
 
 
+	if ((seq_ns != ns) && (seq_ns != ns->parent))
 
+		return -EPERM;
 
+
 
 	return map_write(file, buf, size, ppos, CAP_SETGID,
 
 			 &ns->gid_map, &ns->parent->gid_map);
 
 }