From: Eugene Teo <eteo@redhat.com> Date: Thu, 10 Jul 2008 15:14:31 +0800 Subject: [fs] missing check before setting mount propagation Message-id: 20080710071431.GA14921@kernel.sg O-Subject: [RHEL5.3 PATCH] BZ#454393 CVE-2008-2931 missing check before setting mount propagation Bugzilla: 454393 RH-Acked-by: Alexander Viro <aviro@redhat.com> RH-Acked-by: Jerome Marchand <jmarchan@redhat.com> RH-Acked-by: Josef Bacik <jbacik@redhat.com> This is for Bugzilla bug #454393. Backport of upstream commit ee6f958291e2a768fd727e7a67badfff0b67711a This patch adds a missing check for CAP_SYS_ADMIN in do_change_type(). Signed-off-by: Eugene Teo <eteo@redhat.com> diff --git a/fs/namespace.c b/fs/namespace.c index 3787282..6702466 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -910,6 +910,9 @@ static int do_change_type(struct nameidata *nd, int flag) int recurse = flag & MS_REC; int type = flag & ~MS_REC; + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + if (nd->dentry != nd->mnt->mnt_root) return -EINVAL;
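Review bot: The commit message says only that a CAP_SYS_ADMIN check was missing in do_change_type(); it should also state the consequence, which from the subject line is that a caller without CAP_SYS_ADMIN could reach the code that sets mount propagation. A one-line comment above the new `if (!capable(CAP_SYS_ADMIN))` saying that changing propagation type is a privileged operation would help keep the check from being dropped in a later refactor. The placement itself looks right: the test sits after the `recurse` and `type` declarations and before the `nd->dentry != nd->mnt->mnt_root` comparison, so an unprivileged caller gets -EPERM before any argument validation and cannot use the -EINVAL path to learn whether a path is a mount root. Since this is a backport, it is worth confirming that the hunk matches upstream commit ee6f958291e2a768fd727e7a67badfff0b67711a in both position and return value.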