From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Fri, 5 Dec 2014 18:14:19 -0600
Subject: [PATCH] userns: Don't allow unprivileged creation of gid mappings

As any gid mapping will allow and must allow for backwards
compatibility dropping groups don't allow any gid mappings to be
established without CAP_SETGID in the parent user namespace.

For a small class of applications this change breaks userspace
and removes useful functionality.  This small class of applications
includes tools/testing/selftests/mount/unprivilged-remount-test.c

Most of the removed functionality will be added back with the addition
of a one way knob to disable setgroups.  Once setgroups is disabled
setting the gid_map becomes as safe as setting the uid_map.

For more common applications that set the uid_map and the gid_map
with privilege this change will have no effect.

This is part of a fix for CVE-2014-8989.

Cc: stable@vger.kernel.org
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 kernel/user_namespace.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 27c8dab48c07..1ce6d67c07b7 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -821,10 +821,6 @@ static bool new_idmap_permitted(const struct file *file,
 			kuid_t uid = make_kuid(ns->parent, id);
 			if (uid_eq(uid, file->f_cred->fsuid))
 				return true;
-		} else if (cap_setid == CAP_SETGID) {
-			kgid_t gid = make_kgid(ns->parent, id);
-			if (gid_eq(gid, file->f_cred->fsgid))
-				return true;
 		}
 	}
 
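Review bot: at the closing brace where the `else if (cap_setid == CAP_SETGID)` branch is removed, the code no longer says why the fsgid case is refused while the parallel `uid_eq(uid, file->f_cred->fsuid)` check still returns true. A short comment at that spot, stating that a single-gid mapping is deliberately not permitted without CAP_SETGID in the parent user namespace because any gid mapping allows dropping groups, would keep a later cleanup from restoring the branch for symmetry. The commit message also names tools/testing/selftests/mount/unprivilged-remount-test.c as broken by this change, while the diffstat touches only kernel/user_namespace.c, so the message should say which patch in the series repairs the selftest.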
-- 
2.1.0