[SRU Kinetic, Lunar, OEM-6.0, OEM-6.1 0/3] CVE-2023-32629 // CVE-2023-2640

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Thu Jul 6 20:45:13 UTC 2023


[Impact]
An unprivileged user may cause unintended xattrs to be set on the upper
layer of overlayfs.

[Fix]
Reverting the SAUCE patches that allow for trusted.overlay.* attributes to
be set fixed the problem. In order to not regress issues like LP: #1531747,
a change was added to mount with userxattr option by default when using user
namespaces.

[Potential regression]
overlayfs users under user namespaces may regress. Tests were done with
docker nested on LXD and no regression was observed.

Thadeu Lima de Souza Cascardo (3):
  Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
    ovl_do_(set|remove)xattr"
  Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
    trusted.overlayfs.* xattrs"
  UBUNTU: SAUCE: overlayfs: default to userxattr when mounted from non
    initial user namespace

 fs/overlayfs/overlayfs.h | 16 +++-------------
 fs/overlayfs/super.c     | 10 ++++++++++
 fs/xattr.c               | 36 ++++++------------------------------
 include/linux/xattr.h    |  1 -
 4 files changed, 19 insertions(+), 44 deletions(-)

-- 
2.34.1




More information about the kernel-team mailing list