Skip to content

Commit

Permalink
userns: Fail exec for suid and sgid binaries with ids outside our use…
Browse files Browse the repository at this point in the history
…r namespace.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
  • Loading branch information
Eric W. Biederman committed May 15, 2012
1 parent a7c1938 commit 9e4a36e
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions fs/exec.c
Original file line number Diff line number Diff line change
Expand Up @@ -1291,8 +1291,11 @@ int prepare_binprm(struct linux_binprm *bprm)
if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) {
/* Set-uid? */
if (mode & S_ISUID) {
if (!kuid_has_mapping(bprm->cred->user_ns, inode->i_uid))
return -EPERM;
bprm->per_clear |= PER_CLEAR_ON_SETID;
bprm->cred->euid = inode->i_uid;

}

/* Set-gid? */
Expand All @@ -1302,6 +1305,8 @@ int prepare_binprm(struct linux_binprm *bprm)
* executable.
*/
if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
if (!kgid_has_mapping(bprm->cred->user_ns, inode->i_gid))
return -EPERM;
bprm->per_clear |= PER_CLEAR_ON_SETID;
bprm->cred->egid = inode->i_gid;
}
Expand Down

0 comments on commit 9e4a36e

Please sign in to comment.