• Seth Forshee's avatar
    fs: Check for invalid i_uid in may_follow_link() · b2270b22
    Seth Forshee authored
    Filesystem uids which don't map into a user namespace may result
    in inode->i_uid being INVALID_UID. A symlink and its parent
    could have different owners in the filesystem can both get
    mapped to INVALID_UID, which may result in following a symlink
    when this would not have otherwise been permitted when protected
    symlinks are enabled.
    
    Add a new helper function, uid_valid_eq(), and use this to
    validate that the ids in may_follow_link() are both equal and
    valid. Also add an equivalent helper for gids, which is
    currently unused.
    Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
    b2270b22
namei.c 115 KB