unimore/kernel-hacking-2024-linux-steffo
unimore/kernel-hacking-2024-linux-steffo
1
Fork 0
Code Pull requests 5 Wiki Activity
Linux kernel modifications for the Kernel Hacking exam
1293909 commits 7 branches 0 tags 3.3 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Find a file
Seth Forshee (DigitalOcean) e1c5ae59c0
fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT 
Christian noticed that it is possible for a privileged user to mount
most filesystems with a non-initial user namespace in sb->s_user_ns.
When fsopen() is called in a non-init namespace the caller's namespace
is recorded in fs_context->user_ns. If the returned file descriptor is
then passed to a process priviliged in init_user_ns, that process can
call fsconfig(fd_fs, FSCONFIG_CMD_CREATE), creating a new superblock
with sb->s_user_ns set to the namespace of the process which called
fsopen().

This is problematic. We cannot assume that any filesystem which does not
set FS_USERNS_MOUNT has been written with a non-initial s_user_ns in
mind, increasing the risk for bugs and security issues.

Prevent this by returning EPERM from sget_fc() when FS_USERNS_MOUNT is
not set for the filesystem and a non-initial user namespace will be
used. sget() does not need to be updated as it always uses the user
namespace of the current context, or the initial user namespace if
SB_SUBMOUNT is set.

Fixes: cb50b348c7 ("convenience helpers: vfs_get_super() and sget_fc()")
Reported-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@kernel.org>
Link: https://lore.kernel.org/r/20240724-s_user_ns-fix-v1-1-895d07c94701@kernel.org
Reviewed-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
2024-07-27 09:56:33 +02:00
arch Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
block for-6.11/block-20240722 2024-07-22 11:32:05 -07:00
certs kbuild: use $(src) instead of $(srctree)/$(src) for source directory 2024-05-10 04:34:52 +09:00
crypto crypto: testmgr - generate power-of-2 lengths more often 2024-07-13 11:50:28 +12:00
Documentation phy-for-6.11 2024-07-24 13:11:28 -07:00
drivers phy-for-6.11 2024-07-24 13:11:28 -07:00
fs fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT 2024-07-27 09:56:33 +02:00
include phy-for-6.11 2024-07-24 13:11:28 -07:00
init Kbuild updates for v6.11 2024-07-23 14:32:21 -07:00
io_uring io_uring: fix error pbuf checking 2024-07-20 11:04:57 -06:00
ipc slab updates for 6.11 2024-07-18 15:08:12 -07:00
kernel Kbuild updates for v6.11 2024-07-23 14:32:21 -07:00
lib Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
net - In the series "treewide: Refactor heap related implementation", 2024-07-21 17:56:22 -07:00
rust slab updates for 6.11 2024-07-18 15:08:12 -07:00
samples - In the series "treewide: Refactor heap related implementation", 2024-07-21 17:56:22 -07:00
scripts Kbuild updates for v6.11 2024-07-23 14:32:21 -07:00
security Landlock updates for v6.11-rc1 2024-07-20 11:41:52 -07:00
sound Char/Misc and other driver changes for 6.11-rc1 2024-07-19 15:55:08 -07:00
tools Random number generator updates for Linux 6.11-rc1. 2024-07-24 10:29:50 -07:00
usr initramfs: shorten cmd_initfs in usr/Makefile 2024-07-16 01:07:52 +09:00
virt KVM generic changes for 6.11 2024-07-16 09:51:36 -04:00
.clang-format Docs: Move clang-format from process/ to dev-tools/ 2024-06-26 16:36:00 -06:00
.cocciconfig
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-13 16:47:52 +02:00
.get_maintainer.ignore Add Jeff Kirsher to .get_maintainer.ignore 2024-03-08 11:36:54 +00:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: add script and target to generate pacman package 2024-07-22 01:24:22 +09:00
.mailmap soc: dt updates for 6.11 2024-07-16 11:43:51 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING
CREDITS tracing: Update of MAINTAINERS and CREDITS file 2024-07-18 14:08:42 -07:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig
MAINTAINERS phy-for-6.11 2024-07-24 13:11:28 -07:00
Makefile Kbuild updates for v6.11 2024-07-23 14:32:21 -07:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.