Please apply commit 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into vfs_setxattr()") to stable series from 5.10.y back to 4.19.y
Hi Greg, hi Sasha
Please consider to apply commit 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into vfs_setxattr()") to stable series at least back to 4.19.y. It applies to there (but have not tested older series) and could test a build on top of 5.10.y with the commit.
The commit was applied in 5.11-rc1 and from the commit message:
vfs: move cap_convert_nscap() call into vfs_setxattr()
cap_convert_nscap() does permission checking as well as conversion of the xattr value conditionally based on fs's user-ns.
This is needed by overlayfs and probably other layered fs (ecryptfs) and is what vfs_foo() is supposed to do anyway.
Additionally, in fact additionally for distribtuions kernels which do allow unprivileged overlayfs mounts this as as well broader consequences, as explained in https://www.openwall.com/lists/oss-security/2021/04/16/1 .
Thanks for considering!
Regards, Salvatore
On Fri, Apr 16, 2021 at 09:56:08PM +0200, Salvatore Bonaccorso wrote:
Hi Greg, hi Sasha
Please consider to apply commit 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into vfs_setxattr()") to stable series at least back to 4.19.y. It applies to there (but have not tested older series) and could test a build on top of 5.10.y with the commit.
The commit was applied in 5.11-rc1 and from the commit message:
vfs: move cap_convert_nscap() call into vfs_setxattr()
cap_convert_nscap() does permission checking as well as conversion of the xattr value conditionally based on fs's user-ns.
This is needed by overlayfs and probably other layered fs (ecryptfs) and is what vfs_foo() is supposed to do anyway.
Additionally, in fact additionally for distribtuions kernels which do allow unprivileged overlayfs mounts this as as well broader consequences, as explained in https://www.openwall.com/lists/oss-security/2021/04/16/1 .
Is it needed without the rest of the patches in the series it was sent in (https://lore.kernel.org/linux-fsdevel/20201207163255.564116-1-mszeredi@redha...
Hi Sasha,
On Fri, Apr 16, 2021 at 05:04:04PM -0400, Sasha Levin wrote:
On Fri, Apr 16, 2021 at 09:56:08PM +0200, Salvatore Bonaccorso wrote:
Hi Greg, hi Sasha
Please consider to apply commit 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into vfs_setxattr()") to stable series at least back to 4.19.y. It applies to there (but have not tested older series) and could test a build on top of 5.10.y with the commit.
The commit was applied in 5.11-rc1 and from the commit message:
vfs: move cap_convert_nscap() call into vfs_setxattr()
cap_convert_nscap() does permission checking as well as conversion of the xattr value conditionally based on fs's user-ns.
This is needed by overlayfs and probably other layered fs (ecryptfs) and is what vfs_foo() is supposed to do anyway.
Additionally, in fact additionally for distribtuions kernels which do allow unprivileged overlayfs mounts this as as well broader consequences, as explained in https://www.openwall.com/lists/oss-security/2021/04/16/1 .
Is it needed without the rest of the patches in the series it was sent in (https://lore.kernel.org/linux-fsdevel/20201207163255.564116-1-mszeredi@redha...
This is a very valid question. In fact from the series already 89bdfaf93d91 ("ovl: make ioctl() safe") was backported as well to 5.10.y (in 5.10.4). My thinking was it would make sense to pick as well the mentioned commit as it fixes as well a specific issue.
If though you and Greg think my request is not valid, then so it will be. I in any case have Miklos, Steve and Thadeu here which might further comment.
Thanks for your work, which is not easy to sort out what to apply and what not, much appreciated. My intention here is not to cause you more hassle, but cover the initial mentioned aspect for downstream distributions.
Regards, Salvatore
On Fri, Apr 16, 2021 at 09:56:08PM +0200, Salvatore Bonaccorso wrote:
Hi Greg, hi Sasha
Please consider to apply commit 7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into vfs_setxattr()") to stable series at least back to 4.19.y. It applies to there (but have not tested older series) and could test a build on top of 5.10.y with the commit.
The commit was applied in 5.11-rc1 and from the commit message:
vfs: move cap_convert_nscap() call into vfs_setxattr() cap_convert_nscap() does permission checking as well as conversion of the xattr value conditionally based on fs's user-ns. This is needed by overlayfs and probably other layered fs (ecryptfs) and is what vfs_foo() is supposed to do anyway.
Does this actually solve an in-kernel problem, or is only an issue for out-of-tree filesystems?
Additionally, in fact additionally for distribtuions kernels which do allow unprivileged overlayfs mounts this as as well broader consequences, as explained in https://www.openwall.com/lists/oss-security/2021/04/16/1 .
That's an out-of-tree issue from what I can tell, what in-kernel issue does the above commit resolve? Or am I reading that report incorrectly?
thanks,
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg Kroah-Hartman -
Salvatore Bonaccorso -
Sasha Levin