aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2015-01-15 17:49:27 +0000
committerSimon Shields <keepcalm444@gmail.com>2016-03-15 18:00:10 +1100
commitc88f7bbd8026761a615c9969d186ffa2a1a3da3c (patch)
tree7ad24b4c1814bb7490f6afad58a53d8dd497a8cf /security/keys
parent260325caf43c98bd8ca8146ffe4730017ebdab44 (diff)
downloadkernel_samsung_smdk4412-c88f7bbd8026761a615c9969d186ffa2a1a3da3c.tar.gz
kernel_samsung_smdk4412-c88f7bbd8026761a615c9969d186ffa2a1a3da3c.tar.bz2
kernel_samsung_smdk4412-c88f7bbd8026761a615c9969d186ffa2a1a3da3c.zip
mnt: Prevent pivot_root from creating a loop in the mount tree
Andy Lutomirski recently demonstrated that when chroot is used to set the root path below the path for the new ``root'' passed to pivot_root the pivot_root system call succeeds and leaks mounts. In examining the code I see that starting with a new root that is below the current root in the mount tree will result in a loop in the mount tree after the mounts are detached and then reattached to one another. Resulting in all kinds of ugliness including a leak of that mounts involved in the leak of the mount loop. Prevent this problem by ensuring that the new mount is reachable from the current root of the mount tree. [Added stable cc. Fixes CVE-2014-7970. --Andy] Cc: stable@vger.kernel.org Reported-by: Andy Lutomirski <luto@amacapital.net> Reviewed-by: Andy Lutomirski <luto@amacapital.net> Link: http://lkml.kernel.org/r/87bnpmihks.fsf@x220.int.ebiederm.org Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andy Lutomirski <luto@amacapital.net> (backported from commit 0d0826019e529f21c84687521d03f60cd241ca7d) CVE-2014-7970 BugLink: http://bugs.launchpad.net/bugs/1383356 Signed-off-by: Luis Henriques <luis.henriques@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Andy Whitcroft <apw@canonical.com> Change-Id: I0fe1d090eeb4765cc49401784e44a430f9585498
Diffstat (limited to 'security/keys')
0 files changed, 0 insertions, 0 deletions