On Thu, Sep 29, 2022 at 12:04:47PM +0200, Mickaël Salaün wrote:
A kernel daemon should not rely on the current thread, which is unknown and might be malicious. Before this security fix, ksmbd_override_fsids() didn't correctly override FS UID/GID which means that arbitrary user space threads could trick the kernel to impersonate arbitrary users or groups for file system access checks, leading to file system access bypass.
This was found while investigating truncate support for Landlock: https://lore.kernel.org/r/CAKYAXd8fpMJ7guizOjHgxEyyjoUwPsx3jLOPZP=wPYcbhkVXq...
Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Cc: Hyunchul Lee hyc.lee@gmail.com Cc: Namjae Jeon linkinjeon@kernel.org Cc: Steve French smfrench@gmail.com Cc: stable@vger.kernel.org Signed-off-by: Mickaël Salaün mic@digikod.net Link: https://lore.kernel.org/r/20220929100447.108468-1-mic@digikod.net
I think this is ok. The alternative would probably be to somehow use a relevant userns when struct ksmbd_user is created when the session is established. But these are deeper ksmbd design questions. The fix proposed here itself seems good.