APPLIED [OEM-6.1] Re: [SRU Kinetic, Lunar, OEM-6.0, OEM-6.1 0/3] CVE-2023-32629 // CVE-2023-2640

Timo Aaltonen tjaalton at ubuntu.com
Mon Jul 24 09:43:13 UTC 2023


On 6.7.2023 23.45, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An unprivileged user may cause unintended xattrs to be set on the upper
> layer of overlayfs.
> 
> [Fix]
> Reverting the SAUCE patches that allow for trusted.overlay.* attributes to
> be set fixed the problem. In order to not regress issues like LP: #1531747,
> a change was added to mount with userxattr option by default when using user
> namespaces.
> 
> [Potential regression]
> overlayfs users under user namespaces may regress. Tests were done with
> docker nested on LXD and no regression was observed.
> 
> Thadeu Lima de Souza Cascardo (3):
>    Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
>      ovl_do_(set|remove)xattr"
>    Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
>      trusted.overlayfs.* xattrs"
>    UBUNTU: SAUCE: overlayfs: default to userxattr when mounted from non
>      initial user namespace
> 
>   fs/overlayfs/overlayfs.h | 16 +++-------------
>   fs/overlayfs/super.c     | 10 ++++++++++
>   fs/xattr.c               | 36 ++++++------------------------------
>   include/linux/xattr.h    |  1 -
>   4 files changed, 19 insertions(+), 44 deletions(-)
> 

applied to oem-6.1, thanks

-- 
t




More information about the kernel-team mailing list