Assumption never checked, should fail if the mounter creds are not
sufficient.
Signed-off-by: Mark Salyzyn <saly...@android.com>
Cc: Miklos Szeredi <mik...@szeredi.hu>
Cc: Jonathan Corbet <cor...@lwn.net>
Cc: Vivek Goyal <vgo...@redhat.com>
Cc: Eric W. Biederman <ebied...@xmission.com>
Cc: Amir Goldstein <amir7...@gmail.com>
Cc: Randy Dunlap <rdun...@infradead.org>
Cc: Stephen Smalley <s...@tycho.nsa.gov>
Cc: linux-unio...@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-ker...@vger.kernel.org
Cc: kernel-t...@android.com
---
v10:
- return NULL rather than ERR_PTR(-EPERM)
- did _not_ add it ovl_can_decode_fh() because of changes since last
review, suspect needs to be added to ovl_lower_uuid_ok()?
v8 + v9:
- rebase
v7:
- This time for realz
v6:
- rebase
v5:
- dependency of "overlayfs: override_creds=off option bypass creator_cred"
---
fs/overlayfs/namei.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c
index e9717c2f7d45..9702f0d5309d 100644
--- a/fs/overlayfs/namei.c
+++ b/fs/overlayfs/namei.c
@@ -161,6 +161,9 @@ struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct
vfsmount *mnt,
if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
return NULL;
+ if (!capable(CAP_DAC_READ_SEARCH))
+ return NULL;
+
bytes = (fh->len - offsetof(struct ovl_fh, fid));
real = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
bytes >> 2, (int)fh->type,
--
2.22.0.657.g960e92d24f-goog
