From: Christian Brauner
To: Hugh Dickins
Cc: Christian Brauner, Seth Jenkins, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, Seth Forshee
Subject: Re: [PATCH] tmpfs: verify {g,u}id mount options correctly
Date: Mon, 7 Aug 2023 10:56:03 +0200
Message-Id: <20230807-ozonwerte-aderlass-2c1d8a3a750c@brauner>
In-Reply-To: <20230801-vfs-fs_context-uidgid-v1-1-daf46a050bbf@kernel.org>
References: <20230801-vfs-fs_context-uidgid-v1-1-daf46a050bbf@kernel.org>

On Tue, 01 Aug 2023 18:17:04 +0200, Christian Brauner wrote:
> A while ago we received the following report:
>
> "The other outstanding issue I noticed comes from the fact that
> fsconfig syscalls may occur in a different userns than that which
> called fsopen. That means that resolving the uid/gid via
> current_user_ns() can save a kuid that isn't mapped in the associated
> namespace when the filesystem is finally mounted. This means that it
> is possible for an unprivileged user to create files owned by any
> group in a tmpfs mount (since we can set the SUID bit on the tmpfs
> directory), or a tmpfs that is owned by any user, including the root
> group/user."
>
> [...]

Applied to the vfs.tmpfs branch of the vfs/vfs.git tree.
Patches in the vfs.tmpfs branch should appear in linux-next soon.

Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.

It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.

Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs.tmpfs

[1/1] tmpfs: verify {g,u}id mount options correctly
      https://git.kernel.org/vfs/vfs/c/f90277cb4cae
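
The namespace mismatch in the quoted report, as a user-space toy model added here; it is not part of the message and is not the applied patch. The struct, the function names and the two id maps are assumptions made for illustration; `to_kernel_id()` and `has_mapping()` are simplified stand-ins for the kernel's `make_kuid()` and `kuid_has_mapping()`.

```c
#include <stdint.h>
#include <stdio.h>

#define INVALID_ID UINT32_MAX

/* Toy user namespace with one uid_map extent: ids [first, first+count)
 * inside the namespace correspond to kernel ids starting at lower_first. */
struct userns { uint32_t first, lower_first, count; };

/* Id as written by a caller in ns -> kernel id (simplified make_kuid()). */
static uint32_t to_kernel_id(const struct userns *ns, uint32_t id)
{
    if (id >= ns->first && id - ns->first < ns->count)
        return ns->lower_first + (id - ns->first);
    return INVALID_ID;
}

/* Can ns name this kernel id at all? (simplified kuid_has_mapping()) */
static int has_mapping(const struct userns *ns, uint32_t kid)
{
    return kid != INVALID_ID && kid >= ns->lower_first &&
           kid - ns->lower_first < ns->count;
}

/* Handle "uid=<value>" set by a caller in caller_ns on a filesystem context
 * that belongs to fs_ns. Returns 0 and stores the kernel id, or -1. */
static int parse_uid_option(const struct userns *caller_ns,
                            const struct userns *fs_ns,
                            uint32_t value, int verify, uint32_t *out)
{
    uint32_t kid = to_kernel_id(caller_ns, value);
    if (kid == INVALID_ID)
        return -1;                 /* value means nothing to the caller */
    if (verify && !has_mapping(fs_ns, kid))
        return -1;                 /* owner would be unmapped in fs_ns */
    *out = kid;
    return 0;
}

int main(void)
{
    /* Constructed maps: the initial namespace, and one mapping only id 0 -> 1000. */
    struct userns init_ns = { 0, 0, UINT32_MAX }, child_ns = { 0, 1000, 1 };
    uint32_t kid = INVALID_ID;
    int unchecked = parse_uid_option(&init_ns, &child_ns, 0, 0, &kid);
    printf("unchecked: rc=%d kernel id=%u\n", unchecked, (unsigned)kid);
    printf("verified:  rc=%d\n", parse_uid_option(&init_ns, &child_ns, 0, 1, &kid));
    return 0;
}
```

With `verify` off, the option resolved in the caller's namespace is stored even though the namespace that owns the filesystem context has no mapping for it; with `verify` on, the same option is rejected at parse time.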