| author | Kees Cook <kees.cook@canonical.com> | 2010-07-13 14:54:56 -0700 |
|---|---|---|
| committer | Leann Ogasawara <leann.ogasawara@canonical.com> | 2010-08-11 07:42:32 -0700 |
| commit | 9cb78275427b39a1387b857f4670460ee94f4072 (patch) | |
| tree | 65d55942b2e381f5d51d8efc9c27ac61a9591071 /security/yama | |
| parent | 58b5cf4c58829f835b23e78b611bd0a2e1709b63 (diff) | |
UBUNTU: SAUCE: Yama: verify inode is symlink to avoid bind mounts
The inode_follow_link LSM hook is called in bind mount situations as
well as for symlink situations, so we must explicitly check for the
inode being a symlink to not reject bind mounts in 1777 directories,
which seems to be a common NFSv4 configuration.
BugLink: https://bugs.launchpad.net/bugs/604407
[submitted upstream to security-next]
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Diffstat (limited to 'security/yama')
-rw-r--r-- | security/yama/yama_lsm.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 4a5bc1ad4b8..1fb1f90893c 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -285,9 +285,13 @@ int yama_inode_follow_link(struct dentry *dentry, if (!protected_sticky_symlinks) return 0; + /* if inode isn't a symlink, don't try to evaluate blocking it */ + inode = dentry->d_inode; + if (!S_ISLNK(inode->i_mode)) + return 0; + /* owner and follower match? */ cred = current_cred(); - inode = dentry->d_inode; if (cred->fsuid == inode->i_uid) return 0; |
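Review bot: the new comment `/* if inode isn't a symlink, don't try to evaluate blocking it */` says what the check does but not why a non-symlink ever reaches `yama_inode_follow_link`, which is the whole point of the fix; suggest carrying the reason from the commit message into the code, e.g. `/* the hook also fires for bind mounts; only real symlinks are subject to the sticky-directory restriction */`, so a later cleanup does not drop the `S_ISLNK()` test as redundant. The ordering is otherwise right: the `protected_sticky_symlinks` early return stays first, the `S_ISLNK(inode->i_mode)` test comes before `current_cred()` is fetched, and moving `inode = dentry->d_inode;` up leaves the symlink path's behaviour unchanged. One thing worth stating in the description is that `dentry->d_inode` is relied on to be non-NULL here, since the hunk now dereferences it unconditionally before any other check.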