ACK / APPLIED[Unstable]: [PATCH 1/1][C/D] UBUNTU: SAUCE: overlayfs: ensure mounter privileges when reading directories
Seth Forshee
seth.forshee at canonical.com
Wed Oct 24 15:42:32 UTC 2018
On Fri, Oct 19, 2018 at 04:44:53PM +0000, Tyler Hicks wrote:
> From: Andy Whitcroft <apw at canonical.com>
>
> BugLink: https://launchpad.net/bugs/1793458
>
> When reading directory contents ensure the mounter has permissions for
> the operation over the constituent parts (lower and upper). Where we are
> in a namespace this ensures that the mounter (root in that namespace)
> has permissions over the files and directories, preventing exposure of
> protected files and directory contents.
>
> CVE-2018-6559
>
> Signed-off-by: Andy Whitcroft <apw at canonical.com>
> [tyhicks: make use of new upstream check in ovl_permission() for copy-ups]
> [tyhicks: make use of creator (mounter) creds hanging off the super block]
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Seth Forshee <seth.forshee at canonical.com>
Applied to unstable/master, thanks!