Re: [PATCH v2 04/10] ovl: make ioctl() safe

From: James Morris
Date: Tue Dec 08 2020 - 20:58:29 EST

Next message: Roman Gushchin: "Re: [PATCH v3 1/7] mm: memcontrol: fix NR_ANON_THPS account"
Previous message: Chanwoo Choi: "Re: [PATCH] extcon: max77693: Fix modalias string"
In reply to: Amir Goldstein: "Re: [PATCH v2 04/10] ovl: make ioctl() safe"
Next in thread: Miklos Szeredi: "Re: [PATCH v2 04/10] ovl: make ioctl() safe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 7 Dec 2020, Miklos Szeredi wrote:

> ovl_ioctl_set_flags() does a capability check using flags, but then the
> real ioctl double-fetches flags and uses potentially different value.
>
> The "Check the capability before cred override" comment misleading: user
> can skip this check by presenting benign flags first and then overwriting
> them to non-benign flags.

Is this a security bug which should be fixed in stable?

--
James Morris
<jmorris@xxxxxxxxx>

Next message: Roman Gushchin: "Re: [PATCH v3 1/7] mm: memcontrol: fix NR_ANON_THPS account"
Previous message: Chanwoo Choi: "Re: [PATCH] extcon: max77693: Fix modalias string"
In reply to: Amir Goldstein: "Re: [PATCH v2 04/10] ovl: make ioctl() safe"
Next in thread: Miklos Szeredi: "Re: [PATCH v2 04/10] ovl: make ioctl() safe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]