From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from ec2-52-27-115-49.us-west-2.compute.amazonaws.com ([52.27.115.49]:56148
        "EHLO osg.samsung.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1751875AbdF2Ull (ORCPT
        <rfc822;stable@vger.kernel.org>); Thu, 29 Jun 2017 16:41:41 -0400
Subject: Re: [PATCH] selftests/capabilities: Fix the test_execve test
To: Greg KH <greg@kroah.com>, Andy Lutomirski <luto@kernel.org>
Cc: Naresh Kamboju <naresh.kamboju@linaro.org>, stable@vger.kernel.org,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Kees Cook <keescook@chromium.org>,
        linux-kselftest@vger.kernel.org,
        Shuah Khan <shuahkh@osg.samsung.com>,
        Shuah Khan <shuah@kernel.org>
References: <57f82c0dce0388bdc38da5f45fbe0c8999a0bbbc.1498751145.git.luto@kernel.org>
 <20170629165506.GA10065@kroah.com>
From: Shuah Khan <shuahkh@osg.samsung.com>
Message-ID: <47055265-ebca-55e4-a0ac-92aa06c92dd3@osg.samsung.com>
Date: Thu, 29 Jun 2017 14:41:17 -0600
MIME-Version: 1.0
In-Reply-To: <20170629165506.GA10065@kroah.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On 06/29/2017 10:55 AM, Greg KH wrote:
> On Thu, Jun 29, 2017 at 08:46:12AM -0700, Andy Lutomirski wrote:
>> test_execve does rather odd mount manipulations to safely create
>> temporary setuid and setgid executables that aren't visible to the
>> rest of the system.  Those executables end up in the test's cwd, but
>> that cwd is MNT_DETACHed.
>>
>> The core namespace code considers MNT_DETACHed trees to belong to no
>> mount namespace at all and, in general, MNT_DETACHed trees are only
>> barely function.  This interacted with commit 380cf5ba6b0a ("fs:
>> Treat foreign mounts as nosuid") to cause all MNT_DETACHed trees to
>> act as though they're nosuid, breaking the test.
>>
>> Fix it by just not detaching the tree.  It's still in a private
>> mount namespace and is therefore still invisible to the rest of the
>> system (except via /proc, and the same nosuid logic will protect all
>> other programs on the system from believing in test_execve's setuid
>> bits).
>>
>> While we're at it, fix some blatant whitespace problems.
>>
>> Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
>> Fixes: 380cf5ba6b0a ("fs: Treat foreign mounts as nosuid")
>> Cc: stable@vger.kernel.org
>> Cc: "Eric W. Biederman" <ebiederm@xmission.com>
>> Cc: Kees Cook <keescook@chromium.org>
>> Cc: Shuah Khan <shuahkh@osg.samsung.com>
>> Cc: Greg KH <greg@kroah.com>
>> Cc: linux-kselftest@vger.kernel.org
>> Signed-off-by: Andy Lutomirski <luto@kernel.org>
> 
> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> 
> Thanks for fixing this!
> 

Thanks Andy for the fix. It is now in linux-kselftest next for 4.13-rc1

-- Shuah