git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit

author	Miklos Szeredi <mszeredi@redhat.com>
	Mon, 14 Dec 2020 14:26:14 +0000 (15:26 +0100)
committer	Paolo Pisati <paolo.pisati@canonical.com>
	Mon, 4 Jan 2021 15:47:57 +0000 (16:47 +0100)
commit	00c9bb9be6781e739022a63fe9f5b0ef1d71cdff
tree	d18741809895bea8b208787bf2e6580e5abf988c	tree
parent	160026951d154bd4e14f60a57283e379b7926bed	commit \| diff

ovl: make ioctl() safe

BugLink: https://bugs.launchpad.net/bugs/1910111
commit 89bdfaf93d9157499c3a0d61f489df66f2dead7f upstream.

ovl_ioctl_set_flags() does a capability check using flags, but then the
real ioctl double-fetches flags and uses potentially different value.

The "Check the capability before cred override" comment misleading: user
can skip this check by presenting benign flags first and then overwriting
them to non-benign flags.

Just remove the cred override for now, hoping this doesn't cause a
regression.

The proper solution is to create a new setxflags i_op (patches are in the
works).

Xfstests don't show a regression.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Fixes: dab5ca8fd9dd ("ovl: add lsattr/chattr support")
Cc: <stable@vger.kernel.org> # v4.19
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>