authorKees Cook <kees.cook@canonical.com>2010-07-13 14:54:56 -0700
committerLeann Ogasawara <leann.ogasawara@canonical.com>2010-08-11 07:42:32 -0700
commit9cb78275427b39a1387b857f4670460ee94f4072 (patch)
tree65d55942b2e381f5d51d8efc9c27ac61a9591071 /security/yama
parent58b5cf4c58829f835b23e78b611bd0a2e1709b63 (diff)
UBUNTU: SAUCE: Yama: verify inode is symlink to avoid bind mounts
The inode_follow_link LSM hook is called in bind mount situations as well as for symlink situations, so we must explicitly check for the inode being a symlink to not reject bind mounts in 1777 directories, which seems to be a common NFSv4 configuration. BugLink: https://bugs.launchpad.net/bugs/604407 [submitted upstream to security-next] Signed-off-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Diffstat (limited to 'security/yama')
-rw-r--r--security/yama/yama_lsm.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 4a5bc1ad4b8..1fb1f90893c 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -285,9 +285,13 @@ int yama_inode_follow_link(struct dentry *dentry,
if (!protected_sticky_symlinks)
return 0;
+ /* if inode isn't a symlink, don't try to evaluate blocking it */
+ inode = dentry->d_inode;
+ if (!S_ISLNK(inode->i_mode))
+ return 0;
+
/* owner and follower match? */
cred = current_cred();
- inode = dentry->d_inode;
if (cred->fsuid == inode->i_uid)
return 0;
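Review bot: The comment added above the `S_ISLNK` check says what the test does but not why a non-symlink can reach this hook, which is the reason for the change. The commit message explains that inode_follow_link is also called for bind mounts, but that context is not in the code, so the early `return 0` reads as redundant and could be dropped in a later cleanup, bringing back the bind-mount rejection. I would word the comment as `/* this hook is also called for bind mounts; only symlinks are subject to the sticky-directory restriction */`. yama_inode_follow_link starts before and continues past this hunk, so the remaining checks are not visible here.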