From: Christian Brauner
To: Stéphane Graber, "Eric W. Biederman", Aleksa Sarai, Jann Horn
Cc: smbarber@chromium.org, Alexander Viro, Alexey Dobriyan, Serge Hallyn, James Morris, Kees Cook, Jonathan Corbet, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, Christian Brauner
Subject: [PATCH 15/24] commoncap:cap_bprm_set_creds(): handle fsid mappings
Date: Tue, 11 Feb 2020 17:57:44 +0100
Message-Id: <20200211165753.356508-16-christian.brauner@ubuntu.com>
In-Reply-To: <20200211165753.356508-1-christian.brauner@ubuntu.com>
References: <20200211165753.356508-1-christian.brauner@ubuntu.com>

During exec the kfsids are currently reset to the effective kids. To retain the same semantics with the introduction of fsid mappings, we look up the userspace effective id in the id mappings and translate the effective id into the corresponding kfsid in the fsidmapping. This means the behavior is unchanged when no fsid mappings are set up and the semantics stay the same even when fsid mappings are set up.

Signed-off-by: Christian Brauner
---
 security/commoncap.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/security/commoncap.c b/security/commoncap.c index ecfa0d0c250e..8d1a81e98610 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -811,7 +811,10 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) struct cred *new = bprm->cred; bool effective = false, has_fcap = false, is_setid; int ret; - kuid_t root_uid; + kuid_t root_uid, kfsuid; + kgid_t kfsgid; + uid_t fsuid; + gid_t fsgid; if (WARN_ON(!cap_ambient_invariant_ok(old))) return -EPERM; 
@@ -848,8 +851,15 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) old->cap_permitted); } - new->suid = new->fsuid = new->euid; - new->sgid = new->fsgid = new->egid; + fsuid = from_kuid_munged(new->user_ns, new->euid); + kfsuid = make_kfsuid(new->user_ns, fsuid); + new->suid = new->euid; + new->fsuid = kfsuid; + + fsgid = from_kgid_munged(new->user_ns, new->egid); + kfsgid = make_kfsgid(new->user_ns, fsgid); + new->sgid = new->egid; + new->fsgid = kfsgid; /* File caps or setid cancels ambient. */ if (has_fcap || is_setid) -- 2.25.0
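Review bot: in the first hunk (the declarations at the top of cap_bprm_set_creds()), the new userspace-typed locals `uid_t fsuid` and `gid_t fsgid` share their names with the kernel-typed cred fields `new->fsuid` and `new->fsgid` that the function goes on to assign. In a function that mixes kuid_t and uid_t values, that makes it easy to misread which id space a given value is in. Consider naming the temporaries after what they hold (the userspace view of the effective id), or dropping them by nesting the from_kuid_munged() call inside the make_kfsuid() call.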
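Review bot: in the second hunk, the values returned by make_kfsuid() and make_kfsgid() are stored straight into `new->fsuid` and `new->fsgid` with no validity check. from_kuid_munged() does not fail when `new->euid` has no mapping in `new->user_ns`; it returns the overflow id, so the fsid lookup would then run on that overflow id. make_kfsuid() is defined elsewhere in the series and is not visible here, but if it can return an invalid id for an unmapped input, the new credentials would carry an invalid fsuid or fsgid after exec, where the old code always copied a valid euid/egid. Please add a uid_valid(kfsuid) / gid_valid(kfsgid) check with either an error return or an explicit fallback to `new->euid` / `new->egid`, and add a short comment saying why the munged variant is the intended one. The commit message's claim that behavior is unchanged without fsid mappings also depends on make_kfsuid() falling back to the regular id mapping, which is worth stating in a comment next to these assignments.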