1. 15 11月, 2012 1 次提交
    • E
      userns: Support autofs4 interacing with multiple user namespaces · 45634cd8
      Eric W. Biederman 提交于
      Use kuid_t and kgid_t in struct autofs_info and struct autofs_wait_queue.
      
      When creating directories and symlinks default the uid and gid of
      the mount requester to the global root uid and gid.  autofs4_wait
      will update these fields when a mount is requested.
      
      When generating autofsv5 packets report the uid and gid of the mount
      requestor in user namespace of the process that opened the pipe,
      reporting unmapped uids and gids as overflowuid and overflowgid.
      
      In autofs_dev_ioctl_requester return the uid and gid of the last mount
      requester converted into the calling processes user namespace.  When the
      uid or gid don't map return overflowuid and overflowgid as appropriate,
      allowing failure to find a mount requester to be distinguished from
      failure to map a mount requester.
      
      The uid and gid mount options specifying the user and group of the
      root autofs inode are converted into kuid and kgid as they are parsed
      defaulting to the current uid and current gid of the process that
      mounts autofs.
      
      Mounting of autofs for the present remains confined to processes in
      the initial user namespace.
      
      Cc: Ian Kent <raven@themaw.net>
      Acked-by: NSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      45634cd8
  2. 29 10月, 2012 1 次提交
  3. 27 10月, 2012 1 次提交
    • L
      VFS: don't do protected {sym,hard}links by default · 561ec64a
      Linus Torvalds 提交于
      In commit 800179c9 ("This adds symlink and hardlink restrictions to
      the Linux VFS"), the new link protections were enabled by default, in
      the hope that no actual application would care, despite it being
      technically against legacy UNIX (and documented POSIX) behavior.
      
      However, it does turn out to break some applications.  It's rare, and
      it's unfortunate, but it's unacceptable to break existing systems, so
      we'll have to default to legacy behavior.
      
      In particular, it has broken the way AFD distributes files, see
      
        http://www.dwd.de/AFD/
      
      along with some legacy scripts.
      
      Distributions can end up setting this at initrd time or in system
      scripts: if you have security problems due to link attacks during your
      early boot sequence, you have bigger problems than some kernel sysctl
      setting. Do:
      
      	echo 1 > /proc/sys/fs/protected_symlinks
      	echo 1 > /proc/sys/fs/protected_hardlinks
      
      to re-enable the link protections.
      
      Alternatively, we may at some point introduce a kernel config option
      that sets these kinds of "more secure but not traditional" behavioural
      options automatically.
      Reported-by: NNick Bowler <nbowler@elliptictech.com>
      Reported-by: NHolger Kiehl <Holger.Kiehl@dwd.de>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Cc: Theodore Ts'o <tytso@mit.edu>
      Cc: stable@kernel.org # v3.6
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      561ec64a
  4. 26 10月, 2012 13 次提交
  5. 25 10月, 2012 1 次提交
  6. 24 10月, 2012 6 次提交
  7. 23 10月, 2012 3 次提交
  8. 22 10月, 2012 2 次提交
  9. 20 10月, 2012 1 次提交
  10. 19 10月, 2012 1 次提交
  11. 17 10月, 2012 7 次提交
  12. 16 10月, 2012 1 次提交
  13. 15 10月, 2012 2 次提交
反馈
建议
客服 返回
顶部