[ 3.8.y.z extended stable ] Patch "proc: Restrict mounting the proc filesystem" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Fri Sep 20 00:36:14 UTC 2013 

This is a note to let you know that I have just added a patch titled

    proc: Restrict mounting the proc filesystem

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.10.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 824024576ed4a4c58171c59b1bf3b84d8cdfad7b Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm at xmission.com>
Date: Mon, 25 Mar 2013 19:57:10 -0700
Subject: proc: Restrict mounting the proc filesystem

commit aee1c13dd0f6c2fc56e0e492b349ee8ac655880f upstream.

Don't allow mounting the proc filesystem unless the caller has
CAP_SYS_ADMIN rights over the pid namespace.  The principle here is if
you create or have capabilities over it you can mount it, otherwise
you get to live with what other people have mounted.

Andy pointed out that this is needed to prevent users in a user
namespace from remounting proc and specifying different hidepid and gid
options on already existing proc mounts.

Reported-by: Andy Lutomirski <luto at amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 fs/proc/root.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/proc/root.c b/fs/proc/root.c
index 9c7fab1..411068e 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -110,7 +110,8 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
 		ns = task_active_pid_ns(current);
 		options = data;

-		if (!current_user_ns()->may_mount_proc)
+		if (!current_user_ns()->may_mount_proc ||
+		    !ns_capable(ns->user_ns, CAP_SYS_ADMIN))
 			return ERR_PTR(-EPERM);
 	}

--
1.8.1.2

More information about the kernel-team mailing list