Re: [RFC][PATCH] Fix cap_capable to only allow owners in the parent user namespace to have caps.

[Eric W. Biederman]

Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:

> On Thu, Dec 13, 2012 at 2:39 PM, Eric W. Biederman
> <ebiederm@xxxxxxxxxxxx> wrote:
>>
>> Andy Lutomirski pointed out that the current behavior of allowing the
>> owner of a user namespace to have all caps when that owner is not in a
>> parent user namespace is wrong.
>>
>> This is a bug introduced by the kuid conversion which made it possible
>> for the owner of a user namespace to live in a child user namespace.  I
>> goofed and totally missed this implication.
>
> Hmm. Shouldn't this be cc: stable if it was introduced in the kuid
> conversion? Or is it only an issue with your new namespace tree (which
> I haven't pulled yet)?

It should be CC stable.

I think I have fixed the bug I am hoping to get a second pair of eyeballs
before I send the patch officially.

The test for &init_user_ns keeps the bugs from affecting kernels with user
namespaces disabled.

The bug exists in 3.5 and 3.6 but barely matters because you can't
enable user namespaces without additional patches.

The bug exists in 3.7 but is should be of limited affect because
distributions are likely to prefer enabling nfs and fuse over user
namespaces.

I am going to step away for about an hour or so and then with hopefully
fresh eyes myself work to push the good version.  

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/