[PATCH v3 3/4] Allow unprivileged CLONE_NEWUTS and CLONE_NEWIPC with no_new_privs

From: Andy Lutomirski
Date: Mon Jan 30 2012 - 11:18:45 EST


They are normally disallowed because they could be used to subvert
setuid programs. But if setuid is disabled, then they are safe.

Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
---
kernel/nsproxy.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index b576f7f..47cf873 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -191,7 +191,13 @@ int unshare_nsproxy_namespaces(unsigned long unshare_flags,
CLONE_NEWNET)))
return 0;

- if (!capable(CAP_SYS_ADMIN))
+ /* We require either no_new_privs or CAP_SYS_ADMIN for all modes */
+ if (!current->no_new_privs && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+ /* NEWNS and NEWNET always require CAP_SYS_ADMIN. */
+ if ((unshare_flags & (CLONE_NEWNS | CLONE_NEWNET)) &&
+ !capable(CAP_SYS_ADMIN))
return -EPERM;

*new_nsp = create_new_namespaces(unshare_flags, current,
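Review bot: the subject and changelog talk about CLONE_NEWUTS and CLONE_NEWIPC in general, but this hunk only relaxes the check in unshare_nsproxy_namespaces(), i.e. the unshare() path; clone() with the same flags goes through copy_namespaces(), which the diffstat shows untouched, so a no_new_privs task will still get -EPERM from clone(CLONE_NEWUTS) unless that function gets the same "no_new_privs || CAP_SYS_ADMIN" treatment. Either add the matching change there or narrow the subject to unshare(). Smaller point: the two checks call capable(CAP_SYS_ADMIN) independently, so a privileged caller passing CLONE_NEWNS or CLONE_NEWNET is evaluated (and audit-logged) twice; caching the result once, e.g. `bool admin = capable(CAP_SYS_ADMIN);`, before both tests would keep the logic identical and avoid the duplicate call.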
--
1.7.7.6
