From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753679AbcFOOJv (ORCPT ); Wed, 15 Jun 2016 10:09:51 -0400
Received: from mail-oi0-f68.google.com ([209.85.218.68]:35931 "EHLO mail-oi0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753161AbcFOOJs (ORCPT ); Wed, 15 Jun 2016 10:09:48 -0400
MIME-Version: 1.0
X-Originating-IP: [217.173.44.24]
In-Reply-To: <20160615140151.GB19388@redhat.com>
References: <20160615133002.GA11993@veci.piliscsaba.szeredi.hu> <20160615140151.GB19388@redhat.com>
Date: Wed, 15 Jun 2016 16:09:47 +0200
Message-ID:
Subject: Re: [PATCH] ovl: fix uid/gid when creating over whiteout
From: Miklos Szeredi
To: Vivek Goyal
Cc: Stephen Smalley , "linux-unionfs@vger.kernel.org" , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jun 15, 2016 at 4:01 PM, Vivek Goyal wrote:
> On Wed, Jun 15, 2016 at 03:30:02PM +0200, Miklos Szeredi wrote:
>> --- a/fs/overlayfs/dir.c >> +++ b/fs/overlayfs/dir.c 
>> @@ -405,12 +405,21 @@ static int ovl_create_or_link(struct den >> err = ovl_create_upper(dentry, inode, &stat, link, hardlink); >> } else { >> const struct cred *old_cred; >> + struct cred *override_cred; >> >> old_cred = ovl_override_creds(dentry->d_sb); >> >> - err = ovl_create_over_whiteout(dentry, inode, &stat, link, >> - hardlink); >> + err = -ENOMEM; >> + override_cred = prepare_creds(); >> + if (override_cred) { >> + override_cred->fsuid = old_cred->fsuid; >> + override_cred->fsgid = old_cred->fsgid;
>
> Hi Miklos,
>
> I am wondering if we are switching to task's ->fsuid and ->fsgid too
> early. ovl_create_over_whiteout() calls ovl_lookup_temp(workdir) and
> IIUC, task might not have permission to do lookup in workdir.
>
> Should we switch to this override_cred, just before ovl_create_real()
> so that task ->fsuid and ->fsgid are used only for creation purposes
> only.

For lookup in workdir only CAP_DAC_OVERRIDE should matter, the actual
value of the fsuid and fsgid should be irrelevant (user, group and
others all have zero permission on workdir).

Thanks,
Miklos
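
Review bot: The two assignments inside the if (override_cred) block, which copy fsuid and fsgid from old_cred, need a comment saying why only those two fields come from the caller. prepare_creds() copies the current credentials, which at this point are the ones installed by ovl_override_creds(), so everything else, including the capabilities the workdir lookup relies on, stays with the override; a short comment stating that would answer the question raised in this thread without a round trip. The quoted hunk stops at the fsgid assignment, so the release of override_cred is not visible here: please confirm that every path out of that block drops the reference with put_cred(), and that the err = -ENOMEM path taken when prepare_creds() fails still restores old_cred.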