rpms / kernel

Clone
Source Code
GIT

Blame fs-Add-a-missing-permission-check-to-do_umount.patch

26 Label_NFS f10 f11 f12 f12-user-myoung-xendom0 f13 f13-2.6.33-master f13-user-steved-pnfs-13 f14 f14-user-kyle-bz664206 f14-user-kyle-f14-2.6.37 f14-user-lkundrak-vaio-brightness-645937 f14-user-steved-pnfs-f14 f15 f15-2.6.39 f15-30-going-on-40 f15-user-steved-pnfs-f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f25-pf f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 main oneoffs private-jcm-arm-nosmp-kallsyms private-jcm-arm-nosmp-kallsyms-f17 private-nhorman-sgx-v15 rawhide rhbz_1205083 stabilization talos user/steved/f19-lnfs-v3.8 user/steved/f19-lnfs-v3.8-rc7
  1.   74b479311911cf8ebd00269d32fb4f68f96905be
  2.   fs-Add-a-missing-permission-check-to-do_umount.patch
Blob History Raw
6b37529 
From: Andy Lutomirski <luto@amacapital.net>
6b37529 
Date: Wed, 8 Oct 2014 12:37:46 -0700
6b37529 
Subject: [PATCH] fs: Add a missing permission check to do_umount
6b37529
6b37529 
Accessing do_remount_sb should require global CAP_SYS_ADMIN, but
6b37529 
only one of the two call sites was appropriately protected.
6b37529
6b37529 
Fixes CVE-2014-7975.
6b37529
6b37529 
Cc: stable@vger.kernel.org
6b37529 
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
6b37529 
---
6b37529 
 fs/namespace.c | 2 ++
6b37529 
 1 file changed, 2 insertions(+)
6b37529
6b37529 
diff --git a/fs/namespace.c b/fs/namespace.c
6b37529 
index c8e3034ff4b2..fbba8b17330d 100644
6b37529 
--- a/fs/namespace.c
6b37529 
+++ b/fs/namespace.c
6b37529 
@@ -1439,6 +1439,8 @@ static int do_umount(struct mount *mnt, int flags)
6b37529 
 		 * Special case for "unmounting" root ...
6b37529 
 		 * we just try to remount it readonly.
6b37529 
 		 */
6b37529 
+		if (!capable(CAP_SYS_ADMIN))
6b37529 
+			return -EPERM;
6b37529 
 		down_write(&sb->s_umount);
6b37529 
 		if (!(sb->s_flags & MS_RDONLY))
6b37529 
 			retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
6b37529 
--
6b37529 
1.9.3
6b37529
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.