userns: Only allow the creator of the userns unprivileged mappings
authorEric W. Biederman <ebiederm@xmission.com>
Thu, 27 Nov 2014 05:22:14 +0000 (23:22 -0600)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 8 Jan 2015 17:58:16 +0000 (09:58 -0800)
commita1821391e5072029118857f6ebb27f3cf66b9f33
treeeb724ea22f0795f0ff20ccb9d61139f222692d63
parentf028f2d73293b65a5e58ee7468a8683b39fd912c
userns: Only allow the creator of the userns unprivileged mappings

commit f95d7918bd1e724675de4940039f2865e5eec5fe upstream.

If you did not create the user namespace and are allowed
to write to uid_map or gid_map you should already have the necessary
privilege in the parent user namespace to establish any mapping
you want so this will not affect userspace in practice.

Limiting unprivileged uid mapping establishment to the creator of the
user namespace makes it easier to verify all credentials obtained with
the uid mapping can be obtained without the uid mapping without
privilege.

Limiting unprivileged gid mapping establishment (which is temporarily
absent) to the creator of the user namespace also ensures that the
combination of uid and gid can already be obtained without privilege.

This is part of the fix for CVE-2014-8989.

Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kernel/user_namespace.c