mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-09-29 23:18:25 -04:00
Update Linux CVE patches
This commit is contained in:
Tad
parent
12b63c12b7
commit
3989a1b20b
958 changed files with 21074 additions and 397 deletions
52
Patches/Linux_CVEs/CVE-2014-5206/ANY/0.patch
Normal file
52
Patches/Linux_CVEs/CVE-2014-5206/ANY/0.patch
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
From a6138db815df5ee542d848318e5dae681590fccd Mon Sep 17 00:00:00 2001
|
||||
From: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
Date: Mon, 28 Jul 2014 16:26:53 -0700
|
||||
Subject: [PATCH] mnt: Only change user settable mount flags in remount
|
||||
|
||||
Kenton Varda <kenton@sandstorm.io> discovered that by remounting a
|
||||
read-only bind mount read-only in a user namespace the
|
||||
MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
|
||||
to the remount a read-only mount read-write.
|
||||
|
||||
Correct this by replacing the mask of mount flags to preserve
|
||||
with a mask of mount flags that may be changed, and preserve
|
||||
all others. This ensures that any future bugs with this mask and
|
||||
remount will fail in an easy to detect way where new mount flags
|
||||
simply won't change.
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
|
||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
||||
---
|
||||
fs/namespace.c | 2 +-
|
||||
include/linux/mount.h | 4 +++-
|
||||
2 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/fs/namespace.c b/fs/namespace.c
|
||||
index 7187d01329c35..cb40449ea0dfe 100644
|
||||
--- a/fs/namespace.c
|
||||
+++ b/fs/namespace.c
|
||||
@@ -1937,7 +1937,7 @@ static int do_remount(struct path *path, int flags, int mnt_flags,
|
||||
err = do_remount_sb(sb, flags, data, 0);
|
||||
if (!err) {
|
||||
lock_mount_hash();
|
||||
- mnt_flags |= mnt->mnt.mnt_flags & MNT_PROPAGATION_MASK;
|
||||
+ mnt_flags |= mnt->mnt.mnt_flags & ~MNT_USER_SETTABLE_MASK;
|
||||
mnt->mnt.mnt_flags = mnt_flags;
|
||||
touch_mnt_namespace(mnt->mnt_ns);
|
||||
unlock_mount_hash();
|
||||
diff --git a/include/linux/mount.h b/include/linux/mount.h
|
||||
index 839bac2709048..b637a89e1faeb 100644
|
||||
--- a/include/linux/mount.h
|
||||
+++ b/include/linux/mount.h
|
||||
@@ -42,7 +42,9 @@ struct mnt_namespace;
|
||||
* flag, consider how it interacts with shared mounts.
|
||||
*/
|
||||
#define MNT_SHARED_MASK (MNT_UNBINDABLE)
|
||||
-#define MNT_PROPAGATION_MASK (MNT_SHARED | MNT_UNBINDABLE)
|
||||
+#define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \
|
||||
+ | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \
|
||||
+ | MNT_READONLY)
|
||||
|
||||
#define MNT_INTERNAL_FLAGS (MNT_SHARED | MNT_WRITE_HOLD | MNT_INTERNAL | \
|
||||
MNT_DOOMED | MNT_SYNC_UMOUNT | MNT_MARKED)
|
||||
Loading…
Add table
Add a link
Reference in a new issue