Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 41c21e351e79004dbb4efa4bc14a53a7e0af38c5
commit41c21e351e79004dbb4efa4bc14a53a7e0af38c5[log] [tgz]
authorAndy Lutomirski <luto@amacapital.net>Sun Apr 14 11:44:04 2013 -0700
committerAndy Lutomirski <luto@amacapital.net>Sun Apr 14 18:11:32 2013 -0700
tree09f41257304634a6f2dcf48fd99504924a5344f1
parente3211c120a85b792978bcb4be7b2886df18d27f0 [diff]
userns: Changing any namespace id mappings should require privileges

Changing uid/gid/projid mappings doesn't change your id within the
namespace; it reconfigures the namespace.  Unprivileged programs should
*not* be able to write these files.  (We're also checking the privileges
on the wrong task.)

Given the write-once nature of these files and the other security
checks, this is likely impossible to usefully exploit.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
1 file changed
tree: 09f41257304634a6f2dcf48fd99504924a5344f1
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS