| From a1480dcc3c706e309a88884723446f2e84fedd5b Mon Sep 17 00:00:00 2001 |
| From: Andy Lutomirski <luto@amacapital.net> |
| Date: Wed, 8 Oct 2014 12:32:47 -0700 |
| Subject: fs: Add a missing permission check to do_umount |
| |
| From: Andy Lutomirski <luto@amacapital.net> |
| |
| commit a1480dcc3c706e309a88884723446f2e84fedd5b upstream. |
| |
| Accessing do_remount_sb should require global CAP_SYS_ADMIN, but |
| only one of the two call sites was appropriately protected. |
| |
| Fixes CVE-2014-7975. |
| |
| Signed-off-by: Andy Lutomirski <luto@amacapital.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/namespace.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/fs/namespace.c |
| +++ b/fs/namespace.c |
| @@ -1356,6 +1356,8 @@ static int do_umount(struct mount *mnt, |
| * Special case for "unmounting" root ... |
| * we just try to remount it readonly. |
| */ |
| + if (!capable(CAP_SYS_ADMIN)) |
| + return -EPERM; |
| down_write(&sb->s_umount); |
| if (!(sb->s_flags & MS_RDONLY)) |
| retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); |
