[Devel] Fwd: [PATCH rh7] ovl: fix permission checking for setattr

Cyrill Gorcunov gorcunov at virtuozzo.com
Wed Jan 13 00:18:21 PST 2016


Managed to miss the mailing list, sorry. The vanilla commit for
the fix is acff81ec2c79492b180fade3c2894425cd35a545.

----- Forwarded message from Cyrill Gorcunov <gorcunov at virtuozzo.com> -----

> Date: Wed, 13 Jan 2016 11:06:48 +0300
> From: Cyrill Gorcunov <gorcunov at virtuozzo.com>
> To: Konstantin Khorenko <khorenko at virtuozzo.com>
> Cc: Vladimir Davydov <vdavydov at virtuozzo.com>
> Subject: [PATCH rh7] ovl: fix permission checking for setattr
> 
> This fixes CVE-2015-8660.
> 
> From: Miklos Szeredi <miklos at szeredi.hu>
> 
> [Al Viro] The bug is in being too enthusiastic about optimizing ->setattr()
> away - instead of "copy verbatim with metadata" + "chmod/chown/utimes"
> (with the former being always safe and the latter failing in case of
> insufficient permissions) it tries to combine these two.  Note that copyup
> itself will have to do ->setattr() anyway; _that_ is where the elevated
> capabilities are right.  Having these two ->setattr() (one to set verbatim
> copy of metadata, another to do what overlayfs ->setattr() had been asked
> to do in the first place) combined is where it breaks.
> 
> Signed-off-by: Miklos Szeredi <miklos at szeredi.hu>
> Cc: <stable at vger.kernel.org>
> Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
> Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>


More information about the Devel mailing list