    fs,userns: Change inode_capable to capable_wrt_inode_uidgid · 23adbe12
    Andy Lutomirski authored
    The kernel has no concept of capabilities with respect to inodes; inodes
    exist independently of namespaces.  For example, inode_capable(inode,
    CAP_LINUX_IMMUTABLE) would be nonsense.
    
    This patch changes inode_capable to check for uid and gid mappings and
    renames it to capable_wrt_inode_uidgid, which should make it more
    obvious what it does.
    
    Fixes CVE-2014-4014.
    
    Cc: Theodore Ts'o <tytso@mit.edu>
    Cc: Serge Hallyn <serge.hallyn@ubuntu.com>
    Cc: "Eric W. Biederman" <ebiederm@xmission.com>
    Cc: Dave Chinner <david@fromorbit.com>
    Cc: stable@vger.kernel.org
    Signed-off-by: Andy Lutomirski <luto@amacapital.net>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>