From: Greg Kroah-Hartman Date: Sun, 19 Oct 2014 23:18:48 +0000 (+0800) Subject: 3.10-stable patches X-Git-Tag: v3.10.59~40 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=720e04b8085b1fd080a28afcc25ac2c5cbbdcb10;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: fs-add-a-missing-permission-check-to-do_umount.patch --- diff --git a/queue-3.10/fs-add-a-missing-permission-check-to-do_umount.patch b/queue-3.10/fs-add-a-missing-permission-check-to-do_umount.patch new file mode 100644 index 00000000000..b5976551b60 --- /dev/null +++ b/queue-3.10/fs-add-a-missing-permission-check-to-do_umount.patch @@ -0,0 +1,32 @@ +From a1480dcc3c706e309a88884723446f2e84fedd5b Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Wed, 8 Oct 2014 12:32:47 -0700 +Subject: fs: Add a missing permission check to do_umount + +From: Andy Lutomirski + +commit a1480dcc3c706e309a88884723446f2e84fedd5b upstream. + +Accessing do_remount_sb should require global CAP_SYS_ADMIN, but +only one of the two call sites was appropriately protected. + +Fixes CVE-2014-7975. + +Signed-off-by: Andy Lutomirski +Signed-off-by: Greg Kroah-Hartman + +--- + fs/namespace.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -1274,6 +1274,8 @@ static int do_umount(struct mount *mnt, + * Special case for "unmounting" root ... + * we just try to remount it readonly. + */ ++ if (!capable(CAP_SYS_ADMIN)) ++ return -EPERM; + down_write(&sb->s_umount); + if (!(sb->s_flags & MS_RDONLY)) + retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); diff --git a/queue-3.10/series b/queue-3.10/series index e62c71d19e5..aa52a5322b8 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -1,3 +1,4 @@ btrfs-try-not-to-enospc-on-log-replay.patch btrfs-fix-build_backref_tree-issue-with-multiple-shared-blocks.patch btrfs-fix-race-in-wait_sync-ioctl.patch +fs-add-a-missing-permission-check-to-do_umount.patch