[ 3.5.y.z extended stable ] Patch "ipc: Restrict mounting the mqueue filesystem" has been added to staging queue

Luis Henriques luis.henriques at canonical.com
Wed Apr 3 10:50:24 UTC 2013 

This is a note to let you know that I have just added a patch titled

    ipc: Restrict mounting the mqueue filesystem

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

>From f3b5a4b904f65aa7b301d49e5a065da615467c16 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm at xmission.com>
Date: Thu, 21 Mar 2013 18:13:15 -0700
Subject: [PATCH] ipc: Restrict mounting the mqueue filesystem

commit a636b702ed1805e988ad3d8ff8b52c060f8b341c upstream.

Only allow mounting the mqueue filesystem if the caller has CAP_SYS_ADMIN
rights over the ipc namespace.   The principle here is if you create
or have capabilities over it you can mount it, otherwise you get to live
with what other people have mounted.

This information is not particularly sensitive and mqueue essentially
only reports which posix messages queues exist.  Still when creating a
restricted environment for an application to live any extra
information may be of use to someone with sufficient creativity.  The
historical if imperfect way this information has been restricted has
been not to allow mounts and restricting this to ipc namespace
creators maintains the spirit of the historical restriction.

Acked-by: Serge Hallyn <serge.hallyn at canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 ipc/mqueue.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 8ce5769..8513d4e 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -331,8 +331,16 @@ static struct dentry *mqueue_mount(struct file_system_type *fs_type,
 			 int flags, const char *dev_name,
 			 void *data)
 {
-	if (!(flags & MS_KERNMOUNT))
-		data = current->nsproxy->ipc_ns;
+	if (!(flags & MS_KERNMOUNT)) {
+		struct ipc_namespace *ns = current->nsproxy->ipc_ns;
+		/* Don't allow mounting unless the caller has CAP_SYS_ADMIN
+		 * over the ipc namespace.
+		 */
+		if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN))
+			return ERR_PTR(-EPERM);
+
+		data = ns;
+	}
 	return mount_ns(fs_type, flags, data, mqueue_fill_super);
 }

--
1.8.1.2

More information about the kernel-team mailing list