From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:36614 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752881AbdF2QzI (ORCPT
        <rfc822;stable@vger.kernel.org>); Thu, 29 Jun 2017 12:55:08 -0400
Date: Thu, 29 Jun 2017 18:55:06 +0200
From: Greg KH <greg@kroah.com>
To: Andy Lutomirski <luto@kernel.org>
Cc: Naresh Kamboju <naresh.kamboju@linaro.org>,
        Shuah Khan <shuahkh@osg.samsung.com>, stable@vger.kernel.org,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Kees Cook <keescook@chromium.org>,
        linux-kselftest@vger.kernel.org
Subject: Re: [PATCH] selftests/capabilities: Fix the test_execve test
Message-ID: <20170629165506.GA10065@kroah.com>
References: <57f82c0dce0388bdc38da5f45fbe0c8999a0bbbc.1498751145.git.luto@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <57f82c0dce0388bdc38da5f45fbe0c8999a0bbbc.1498751145.git.luto@kernel.org>
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On Thu, Jun 29, 2017 at 08:46:12AM -0700, Andy Lutomirski wrote:
> test_execve does rather odd mount manipulations to safely create
> temporary setuid and setgid executables that aren't visible to the
> rest of the system.  Those executables end up in the test's cwd, but
> that cwd is MNT_DETACHed.
> 
> The core namespace code considers MNT_DETACHed trees to belong to no
> mount namespace at all and, in general, MNT_DETACHed trees are only
> barely function.  This interacted with commit 380cf5ba6b0a ("fs:
> Treat foreign mounts as nosuid") to cause all MNT_DETACHed trees to
> act as though they're nosuid, breaking the test.
> 
> Fix it by just not detaching the tree.  It's still in a private
> mount namespace and is therefore still invisible to the rest of the
> system (except via /proc, and the same nosuid logic will protect all
> other programs on the system from believing in test_execve's setuid
> bits).
> 
> While we're at it, fix some blatant whitespace problems.
> 
> Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
> Fixes: 380cf5ba6b0a ("fs: Treat foreign mounts as nosuid")
> Cc: stable@vger.kernel.org
> Cc: "Eric W. Biederman" <ebiederm@xmission.com>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Shuah Khan <shuahkh@osg.samsung.com>
> Cc: Greg KH <greg@kroah.com>
> Cc: linux-kselftest@vger.kernel.org
> Signed-off-by: Andy Lutomirski <luto@kernel.org>

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Thanks for fixing this!