| From foo@baz Mon Jul 23 08:24:46 CEST 2018 |
| From: Tyler Hicks <tyhicks@canonical.com> |
| Date: Thu, 5 Jul 2018 18:49:23 +0000 |
| Subject: ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns |
| |
| From: Tyler Hicks <tyhicks@canonical.com> |
| |
| [ Upstream commit 70ba5b6db96ff7324b8cfc87e0d0383cf59c9677 ] |
| |
| The low and high values of the net.ipv4.ping_group_range sysctl were |
| being silently forced to the default disabled state when a write to the |
| sysctl contained GIDs that didn't map to the associated user namespace. |
| Confusingly, the sysctl's write operation would return success and then |
| a subsequent read of the sysctl would indicate that the low and high |
| values are the overflowgid. |
| |
| This patch changes the behavior by clearly returning an error when the |
| sysctl write operation receives a GID range that doesn't map to the |
| associated user namespace. In such a situation, the previous value of |
| the sysctl is preserved and that range will be returned in a subsequent |
| read of the sysctl. |
| |
| Signed-off-by: Tyler Hicks <tyhicks@canonical.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv4/sysctl_net_ipv4.c | 5 +++-- |
| 1 file changed, 3 insertions(+), 2 deletions(-) |
| |
| --- a/net/ipv4/sysctl_net_ipv4.c |
| +++ b/net/ipv4/sysctl_net_ipv4.c |
| @@ -140,8 +140,9 @@ static int ipv4_ping_group_range(struct |
| if (write && ret == 0) { |
| low = make_kgid(user_ns, urange[0]); |
| high = make_kgid(user_ns, urange[1]); |
| - if (!gid_valid(low) || !gid_valid(high) || |
| - (urange[1] < urange[0]) || gid_lt(high, low)) { |
| + if (!gid_valid(low) || !gid_valid(high)) |
| + return -EINVAL; |
| + if (urange[1] < urange[0] || gid_lt(high, low)) { |
| low = make_kgid(&init_user_ns, 1); |
| high = make_kgid(&init_user_ns, 0); |
| } |
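Review bot: The reversed-range case keeps the silent-reset behaviour the commit message objects to. After the new early `return -EINVAL` for unmapped GIDs, the following branch `if (urange[1] < urange[0] || gid_lt(high, low))` still replaces the caller's values with the disabled range (`make_kgid(&init_user_ns, 1)` / `make_kgid(&init_user_ns, 0)`) while the write reports success, so a subsequent read again shows values the caller did not write. Either return `-EINVAL` for that case as well, or state in the commit message that only the unmapped-GID case is changed and that a reversed range is still coerced to the disabled state.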