fs,userns: Change inode_capable to capable_wrt_inode_uidgid The kernel has no concept of capabilities with respect to inodes; inodes exist independently of namespaces. For example, inode_capable(inode, CAP_LINUX_IMMUTABLE) would be nonsense. This patch changes inode_capable to check for uid and gid mappings and renames it to capable_wrt_inode_uidgid, which should make it more obvious what it does. Fixes CVE-2014-4014. Cc: Theodore Ts'o <tytso@mit.edu> Cc: Serge Hallyn <serge.hallyn@ubuntu.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Dave Chinner <david@fromorbit.com> Cc: stable@vger.kernel.org Signed-off-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 23adbe12ef7d3d4195e80800ab36b37bee28cd03 [log] [tgz]
author: Andy Lutomirski <luto@amacapital.net> Tue Jun 10 12:45:42 2014 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> Tue Jun 10 13:57:22 2014 -0700
tree: 000f8f8b3172aa6629b7c9a4148a96549a07acb6
parent: 5b174fd6472b1d6b6402b30210a212f3fd770d96 [diff] [blame]
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
index 0b18776..6152cbe 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c

@@ -1215,7 +1215,7 @@
 		 * cleared upon successful return from chown()
 		 */
 		if ((ip->i_d.di_mode & (S_ISUID|S_ISGID)) &&
-		    !inode_capable(VFS_I(ip), CAP_FSETID))
+		    !capable_wrt_inode_uidgid(VFS_I(ip), CAP_FSETID))
 			ip->i_d.di_mode &= ~(S_ISUID|S_ISGID);
 
 		/*
commit	23adbe12ef7d3d4195e80800ab36b37bee28cd03	[log] [tgz]
author	Andy Lutomirski <luto@amacapital.net>	Tue Jun 10 12:45:42 2014 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	Tue Jun 10 13:57:22 2014 -0700
tree	000f8f8b3172aa6629b7c9a4148a96549a07acb6
parent	5b174fd6472b1d6b6402b30210a212f3fd770d96 [diff] [blame]