[Lucid][Precise][Trusty][Utopic][CVE-2014-7975] fs: Add a missing permission check to do_umount

Luis Henriques luis.henriques at canonical.com
Tue Oct 21 16:14:22 UTC 2014

From: Andy Lutomirski <luto at amacapital.net>

Accessing do_remount_sb should require global CAP_SYS_ADMIN, but
only one of the two call sites was appropriately protected.

Fixes CVE-2014-7975.

Signed-off-by: Andy Lutomirski <luto at amacapital.net>
(cherry picked from commit a1480dcc3c706e309a88884723446f2e84fedd5b)
BugLink: http://bugs.launchpad.net/bugs/1383358
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
 fs/namespace.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/namespace.c b/fs/namespace.c
index d6e1c030b961..cb83c66d5280 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1080,6 +1080,8 @@ static int do_umount(struct vfsmount *mnt, int flags)
 		 * Special case for "unmounting" root ...
 		 * we just try to remount it readonly.
+		if (!capable(CAP_SYS_ADMIN))
+			return -EPERM;
 		if (!(sb->s_flags & MS_RDONLY))
 			retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);

More information about the kernel-team mailing list