Commit 1ab29965 authored by Christian Brauner's avatar Christian Brauner

exec: handle idmapped mounts

When executing a setuid binary the kernel will verify in bprm_fill_uid()
that the inode has a mapping in the caller's user namespace before
setting the callers uid and gid. Let bprm_fill_uid() handle idmapped
mounts. If the inode is accessed through an idmapped mount it is mapped
according to the mount's user namespace. Afterwards the checks are
identical to non-idmapped mounts. If the initial user namespace is
passed nothing changes so non-idmapped mounts will see identical
behavior as before.

Link: https://lore.kernel.org/r/20210121131959.646623-24-christian.brauner@ubuntu.com
Cc: Christoph Hellwig <hch@lst.de>
Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
Reviewed-by: default avatarJames Morris <jamorris@linux.microsoft.com>
Signed-off-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
parent 435ac621
...@@ -1580,6 +1580,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) ...@@ -1580,6 +1580,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
static void bprm_fill_uid(struct linux_binprm *bprm, struct file *file) static void bprm_fill_uid(struct linux_binprm *bprm, struct file *file)
{ {
/* Handle suid and sgid on files */ /* Handle suid and sgid on files */
struct user_namespace *mnt_userns;
struct inode *inode; struct inode *inode;
unsigned int mode; unsigned int mode;
kuid_t uid; kuid_t uid;
...@@ -1596,13 +1597,15 @@ static void bprm_fill_uid(struct linux_binprm *bprm, struct file *file) ...@@ -1596,13 +1597,15 @@ static void bprm_fill_uid(struct linux_binprm *bprm, struct file *file)
if (!(mode & (S_ISUID|S_ISGID))) if (!(mode & (S_ISUID|S_ISGID)))
return; return;
mnt_userns = file_mnt_user_ns(file);
/* Be careful if suid/sgid is set */ /* Be careful if suid/sgid is set */
inode_lock(inode); inode_lock(inode);
/* reload atomically mode/uid/gid now that lock held */ /* reload atomically mode/uid/gid now that lock held */
mode = inode->i_mode; mode = inode->i_mode;
uid = inode->i_uid; uid = i_uid_into_mnt(mnt_userns, inode);
gid = inode->i_gid; gid = i_gid_into_mnt(mnt_userns, inode);
inode_unlock(inode); inode_unlock(inode);
/* We ignore suid/sgid if there are no mappings for them in the ns */ /* We ignore suid/sgid if there are no mappings for them in the ns */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment