git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Eric Sandeen <sandeen@redhat.com>
	Tue, 2 Jul 2024 22:22:41 +0000 (17:22 -0500)
committer	Christian Brauner <brauner@kernel.org>
	Wed, 3 Jul 2024 14:55:11 +0000 (16:55 +0200)
commit	525bd65aa759ec320af1dc06e114ed69733e9e23
tree	5d0e8538661766a6f0be52feea968eef7490135c	tree
parent	d02f0bb332d52c0330a1ef11cf98b7ec6448b99b	commit \| diff

fuse: verify {g,u}id mount options correctly

As was done in
0200679fc795 ("tmpfs: verify {g,u}id mount options correctly")
we need to validate that the requested uid and/or gid is representable in
the filesystem's idmapping.

Cribbing from the above commit log,

The contract for {g,u}id mount options and {g,u}id values in general set
from userspace has always been that they are translated according to the
caller's idmapping. In so far, fuse has been doing the correct thing.
But since fuse is mountable in unprivileged contexts it is also
necessary to verify that the resulting {k,g}uid is representable in the
namespace of the superblock.

Fixes: c30da2e981a7 ("fuse: convert to use the new mount API")
Cc: stable@vger.kernel.org # 5.4+
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Link: https://lore.kernel.org/r/8f07d45d-c806-484d-a2e3-7a2199df1cd2@redhat.com
Reviewed-by: Christian Brauner <brauner@kernel.org>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>