korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-17 17:24:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
93faccbbfa
linux/fs/cifs
History
Eric W. Biederman 93faccbbfa fs: Better permission checking for submounts 
To support unprivileged users mounting filesystems two permission
checks have to be performed: a test to see if the user allowed to
create a mount in the mount namespace, and a test to see if
the user is allowed to access the specified filesystem.

The automount case is special in that mounting the original filesystem
grants permission to mount the sub-filesystems, to any user who
happens to stumble across the their mountpoint and satisfies the
ordinary filesystem permission checks.

Attempting to handle the automount case by using override_creds
almost works.  It preserves the idea that permission to mount
the original filesystem is permission to mount the sub-filesystem.
Unfortunately using override_creds messes up the filesystems
ordinary permission checks.

Solve this by being explicit that a mount is a submount by introducing
vfs_submount, and using it where appropriate.

vfs_submount uses a new mount internal mount flags MS_SUBMOUNT, to let
sget and friends know that a mount is a submount so they can take appropriate
action.

sget and sget_userns are modified to not perform any permission checks
on submounts.

follow_automount is modified to stop using override_creds as that
has proven problemantic.

do_mount is modified to always remove the new MS_SUBMOUNT flag so
that we know userspace will never by able to specify it.

autofs4 is modified to stop using current_real_cred that was put in
there to handle the previous version of submount permission checking.

cifs is modified to pass the mountpoint all of the way down to vfs_submount.

debugfs is modified to pass the mountpoint all of the way down to
trace_automount by adding a new parameter.  To make this change easier
a new typedef debugfs_automount_t is introduced to capture the type of
the debugfs automount function.

Cc: stable@vger.kernel.org
Fixes: 069d5ac9ae ("autofs:  Fix automounts by using current_real_cred()->uid")
Fixes: aeaa4a79ff ("fs: Call d_automount with the filesystems creds")
Reviewed-by: Trond Myklebust <trond.myklebust@primarydata.com>
Reviewed-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2017-02-02 04:36:12 +13:00
..
asn1.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
cache.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
cifs_debug.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
cifs_debug.h lib: update single-char callers of strtobool() 2016-03-17 15:09:34 -07:00
cifs_dfs_ref.c fs: Better permission checking for submounts 2017-02-02 04:36:12 +13:00
cifs_fs_sb.h CIFS: Add new mount option to set owner uid and gid from special sids in acl 2016-10-14 14:22:01 -05:00
cifs_ioctl.h Enable previous version support 2016-10-13 19:48:11 -05:00
cifs_spnego.c cifs: Create dedicated keyring for spnego operations 2016-05-19 21:56:30 -05:00
cifs_spnego.h
cifs_unicode.c File names with trailing period or space need special case conversion 2016-06-24 12:05:52 -05:00
cifs_unicode.h File names with trailing period or space need special case conversion 2016-06-24 12:05:52 -05:00
cifs_uniupr.h
cifsacl.c CIFS: Retrieve uid and gid from special sid if enabled 2016-10-14 14:22:16 -05:00
cifsacl.h cifs: fix SID binary to string conversion 2012-12-11 11:48:49 -06:00
cifsencrypt.c Fix default behaviour for empty domains and add domainauto option 2016-12-15 01:42:38 -06:00
cifsfs.c Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 2016-12-24 11:37:18 -08:00
cifsfs.h cifs: don't use ->d_time 2016-09-16 12:44:21 +02:00
cifsglob.h Fix default behaviour for empty domains and add domainauto option 2016-12-15 01:42:38 -06:00
cifspdu.h Add way to query server fs info for smb3 2015-08-20 10:19:25 -05:00
cifsproto.h cifs_get_root shouldn't use path with tree name 2016-12-15 01:42:54 -06:00
cifssmb.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
connect.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
dir.c cifs_get_root shouldn't use path with tree name 2016-12-15 01:42:54 -06:00
dns_resolve.c cifs: fix composing of mount options for DFS referrals 2013-05-24 13:08:31 -05:00
dns_resolve.h
export.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
file.c CIFS: Fix a possible double locking of mutex during reconnect 2016-12-05 12:52:01 -08:00
fscache.c NFS client updates for Linux 3.13 2013-11-08 05:57:46 +09:00
fscache.h CIFS: FS-Cache: Uncache unread pages in cifs_readpages() before freeing them 2013-09-18 10:17:03 -05:00
inode.c Merge remote-tracking branch 'jk/vfs' into work.misc 2016-10-08 11:06:08 -04:00
ioctl.c CIFS: Decrease verbosity of ioctl call 2016-12-02 16:04:33 -08:00
Kconfig Allow parsing vers=3.11 on cifs mount 2015-06-27 20:23:32 -07:00
link.c cifs: use %16phN for formatting md5 sum 2016-12-15 00:21:37 -06:00
Makefile cifs: Switch to generic xattr handlers 2016-04-23 15:33:03 -04:00
misc.c Clarify locking of cifs file and tcon structures and make more granular 2016-10-12 12:08:32 -05:00
netmisc.c Fix signed/unsigned pointer warning 2014-12-14 14:55:57 -06:00
nterr.c CIFS: Rename 7 error codes to NT_ style 2012-07-24 10:25:10 -05:00
nterr.h CIFS: Rename 7 error codes to NT_ style 2012-07-24 10:25:10 -05:00
ntlmssp.h cifs: dynamic allocation of ntlmssp blob 2016-06-23 23:45:07 -05:00
readdir.c Clarify locking of cifs file and tcon structures and make more granular 2016-10-12 12:08:32 -05:00
rfc1002pdu.h
sess.c cifs: check hash calculating succeeded 2016-06-23 23:45:17 -05:00
smb1ops.c Fix that several functions handle incorrect value of mapchars 2015-05-10 19:56:35 -05:00
smb2file.c CIFS: Fix a possible memory corruption in push locks 2016-12-05 11:08:55 -08:00
smb2glob.h SMB3: Add mount parameter to allow user to override max credits 2016-10-12 12:08:33 -05:00
smb2inode.c Do not send SMB3 SET_INFO request if nothing is changing 2016-10-13 19:46:51 -05:00
smb2maperror.c Fix problem recognizing symlinks 2014-10-02 14:10:04 -05:00
smb2misc.c Clarify locking of cifs file and tcon structures and make more granular 2016-10-12 12:08:32 -05:00
smb2ops.c Cleanup missing frees on some ioctls 2016-10-13 19:48:20 -05:00
smb2pdu.c CIFS: Fix a possible double locking of mutex during reconnect 2016-12-05 12:52:01 -08:00
smb2pdu.h CIFS: Fix a possible double locking of mutex during reconnect 2016-12-05 12:52:01 -08:00
smb2proto.h CIFS: Fix a possible memory corruption during reconnect 2016-12-05 12:08:33 -08:00
smb2status.h CIFS: Add SMB2 status codes 2012-07-24 10:25:13 -05:00
smb2transport.c cifs: merge the hash calculation helpers 2016-03-28 14:05:27 -04:00
smbencrypt.c cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack 2016-12-14 01:44:16 -06:00
smberr.h
smbfsctl.h [SMB3] Send durable handle v2 contexts when use of persistent handles required 2015-11-03 09:26:27 -06:00
transport.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
winucase.c [CIFS] quiet sparse compile warning 2013-09-08 14:54:24 -05:00
xattr.c Add way to query creation time of file via cifs xattr 2016-10-12 12:08:31 -05:00