From: Michael Ellerman <mpe@ellerman.id.au>
To: NeilBrown <neilb@suse.com>, Andrew Morton <akpm@linux-foundation.org>
Cc: Ian Kent <raven@themaw.net>, LKML <linux-kernel@vger.kernel.org>,
autofs mailing list <autofs@vger.kernel.org>
Subject: Re: [PATCH] autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
Date: Fri, 16 Jun 2017 20:33:11 +1000 [thread overview]
Message-ID: <8760fww7bs.fsf@concordia.ellerman.id.au> (raw)
In-Reply-To: <87fuf07k84.fsf@notabene.neil.brown.name>
NeilBrown <neilb@suse.com> writes:
> On Thu, Jun 15 2017, Andrew Morton wrote:
>> On Wed, 07 Jun 2017 12:08:38 +1000 NeilBrown <neilb@suse.com> wrote:
>>> --- a/fs/autofs4/dev-ioctl.c
>>> +++ b/fs/autofs4/dev-ioctl.c
>>> @@ -344,7 +344,7 @@ static int autofs_dev_ioctl_fail(struct file *fp,
>>> int status;
>>>
>>> token = (autofs_wqt_t) param->fail.token;
>>> - status = param->fail.status ? param->fail.status : -ENOENT;
>>> + status = param->fail.status < 0 ? param->fail.status : -ENOENT;
>>> return autofs4_wait_release(sbi, token, status);
>>> }
>>
>> Sounds serious. Was the absence of a cc:stable deliberate?
>
> You need CAP_SYS_ADMIN to get the ioctl even looked at. Doesn't that
> mean the bug can only be triggered by a process that could easily do
> worse?
>
> Or do containers allow admins to give out CAP_SYS_ADMIN to untrusted
> people?? I haven't been keeping up.
Yep. They can be configured individually in fact, eg:
$ docker run --cap-drop=ALL --cap-add=sys_admin -it debian:jessie /bin/bash
root@aedebe8c46e0:/# capsh --print
Current: = cap_sys_admin+eip
Bounding set =cap_sys_admin
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
uid=0(root)
gid=0(root)
groups=
cheers
WARNING: multiple messages have this Message-ID (diff)
From: Michael Ellerman <mpe@ellerman.id.au>
To: NeilBrown <neilb@suse.com>, Andrew Morton <akpm@linux-foundation.org>
Cc: Ian Kent <raven@themaw.net>, LKML <linux-kernel@vger.kernel.org>,
autofs mailing list <autofs@vger.kernel.org>
Subject: Re: [PATCH] autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
Date: Fri, 16 Jun 2017 20:33:11 +1000 [thread overview]
Message-ID: <8760fww7bs.fsf@concordia.ellerman.id.au> (raw)
In-Reply-To: <87fuf07k84.fsf@notabene.neil.brown.name>
NeilBrown <neilb@suse.com> writes:
> On Thu, Jun 15 2017, Andrew Morton wrote:
>> On Wed, 07 Jun 2017 12:08:38 +1000 NeilBrown <neilb@suse.com> wrote:
>>> --- a/fs/autofs4/dev-ioctl.c
>>> +++ b/fs/autofs4/dev-ioctl.c
>>> @@ -344,7 +344,7 @@ static int autofs_dev_ioctl_fail(struct file *fp,
>>> int status;
>>>
>>> token = (autofs_wqt_t) param->fail.token;
>>> - status = param->fail.status ? param->fail.status : -ENOENT;
>>> + status = param->fail.status < 0 ? param->fail.status : -ENOENT;
>>> return autofs4_wait_release(sbi, token, status);
>>> }
>>
>> Sounds serious. Was the absence of a cc:stable deliberate?
>
> You need CAP_SYS_ADMIN to get the ioctl even looked at. Doesn't that
> mean the bug can only be triggered by a process that could easily do
> worse?
>
> Or do containers allow admins to give out CAP_SYS_ADMIN to untrusted
> people?? I haven't been keeping up.
Yep. They can be configured individually in fact, eg:
$ docker run --cap-drop=ALL --cap-add=sys_admin -it debian:jessie /bin/bash
root@aedebe8c46e0:/# capsh --print
Current: = cap_sys_admin+eip
Bounding set =cap_sys_admin
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
uid=0(root)
gid=0(root)
groups=
cheers
--
To unsubscribe from this list: send the line "unsubscribe autofs" in
next prev parent reply other threads:[~2017-06-16 10:33 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-07 2:08 [PATCH] autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL NeilBrown
2017-06-15 23:34 ` Andrew Morton
2017-06-15 23:34 ` Andrew Morton
2017-06-16 2:13 ` NeilBrown
2017-06-16 3:20 ` Ian Kent
2017-06-16 3:20 ` Ian Kent
2017-06-16 10:33 ` Michael Ellerman [this message]
2017-06-16 10:33 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8760fww7bs.fsf@concordia.ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=akpm@linux-foundation.org \
--cc=autofs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=neilb@suse.com \
--cc=raven@themaw.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.