linux/fs/cifs
Eric W. Biederman 93faccbbfa fs: Better permission checking for submounts
To support unprivileged users mounting filesystems two permission
checks have to be performed: a test to see if the user is allowed to
create a mount in the mount namespace, and a test to see if
the user is allowed to access the specified filesystem.

The automount case is special in that mounting the original filesystem
grants permission to mount the sub-filesystems, to any user who
happens to stumble across their mountpoint and satisfies the
ordinary filesystem permission checks.

Attempting to handle the automount case by using override_creds
almost works.  It preserves the idea that permission to mount
the original filesystem is permission to mount the sub-filesystem.
Unfortunately using override_creds messes up the filesystem's
ordinary permission checks.

Solve this by being explicit that a mount is a submount by introducing
vfs_submount, and using it where appropriate.

vfs_submount uses a new internal mount flag, MS_SUBMOUNT, to let
sget and friends know that a mount is a submount so they can take appropriate
action.

sget and sget_userns are modified to not perform any permission checks
on submounts.

follow_automount is modified to stop using override_creds as that
has proven problematic.

do_mount is modified to always remove the new MS_SUBMOUNT flag so
that we know userspace will never be able to specify it.

autofs4 is modified to stop using current_real_cred that was put in
there to handle the previous version of submount permission checking.

cifs is modified to pass the mountpoint all of the way down to vfs_submount.

debugfs is modified to pass the mountpoint all of the way down to
trace_automount by adding a new parameter.  To make this change easier
a new typedef debugfs_automount_t is introduced to capture the type of
the debugfs automount function.

Cc: stable@vger.kernel.org
Fixes: 069d5ac9ae ("autofs:  Fix automounts by using current_real_cred()->uid")
Fixes: aeaa4a79ff ("fs: Call d_automount with the filesystems creds")
Reviewed-by: Trond Myklebust <trond.myklebust@primarydata.com>
Reviewed-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2017-02-02 04:36:12 +13:00
asn1.c
cache.c
cifs_debug.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
cifs_debug.h
cifs_dfs_ref.c fs: Better permission checking for submounts 2017-02-02 04:36:12 +13:00
cifs_fs_sb.h CIFS: Add new mount option to set owner uid and gid from special sids in acl 2016-10-14 14:22:01 -05:00
cifs_ioctl.h Enable previous version support 2016-10-13 19:48:11 -05:00
cifs_spnego.c
cifs_spnego.h
cifs_unicode.c
cifs_unicode.h
cifs_uniupr.h
cifsacl.c CIFS: Retrieve uid and gid from special sid if enabled 2016-10-14 14:22:16 -05:00
cifsacl.h
cifsencrypt.c Fix default behaviour for empty domains and add domainauto option 2016-12-15 01:42:38 -06:00
cifsfs.c Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 2016-12-24 11:37:18 -08:00
cifsfs.h cifs: don't use ->d_time 2016-09-16 12:44:21 +02:00
cifsglob.h Fix default behaviour for empty domains and add domainauto option 2016-12-15 01:42:38 -06:00
cifspdu.h
cifsproto.h cifs_get_root shouldn't use path with tree name 2016-12-15 01:42:54 -06:00
cifssmb.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
connect.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
dir.c cifs_get_root shouldn't use path with tree name 2016-12-15 01:42:54 -06:00
dns_resolve.c
dns_resolve.h
export.c
file.c CIFS: Fix a possible double locking of mutex during reconnect 2016-12-05 12:52:01 -08:00
fscache.c
fscache.h
inode.c Merge remote-tracking branch 'jk/vfs' into work.misc 2016-10-08 11:06:08 -04:00
ioctl.c CIFS: Decrease verbosity of ioctl call 2016-12-02 16:04:33 -08:00
Kconfig
link.c cifs: use %16phN for formatting md5 sum 2016-12-15 00:21:37 -06:00
Makefile
misc.c Clarify locking of cifs file and tcon structures and make more granular 2016-10-12 12:08:32 -05:00
netmisc.c
nterr.c
nterr.h
ntlmssp.h
readdir.c Clarify locking of cifs file and tcon structures and make more granular 2016-10-12 12:08:32 -05:00
rfc1002pdu.h
sess.c
smb1ops.c
smb2file.c CIFS: Fix a possible memory corruption in push locks 2016-12-05 11:08:55 -08:00
smb2glob.h SMB3: Add mount parameter to allow user to override max credits 2016-10-12 12:08:33 -05:00
smb2inode.c Do not send SMB3 SET_INFO request if nothing is changing 2016-10-13 19:46:51 -05:00
smb2maperror.c
smb2misc.c Clarify locking of cifs file and tcon structures and make more granular 2016-10-12 12:08:32 -05:00
smb2ops.c Cleanup missing frees on some ioctls 2016-10-13 19:48:20 -05:00
smb2pdu.c CIFS: Fix a possible double locking of mutex during reconnect 2016-12-05 12:52:01 -08:00
smb2pdu.h CIFS: Fix a possible double locking of mutex during reconnect 2016-12-05 12:52:01 -08:00
smb2proto.h CIFS: Fix a possible memory corruption during reconnect 2016-12-05 12:08:33 -08:00
smb2status.h
smb2transport.c
smbencrypt.c cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack 2016-12-14 01:44:16 -06:00
smberr.h
smbfsctl.h
transport.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
winucase.c
xattr.c Add way to query creation time of file via cifs xattr 2016-10-12 12:08:31 -05:00