diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2012-04-23 20:06:34 -0400 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-08-24 01:54:18 -0400 |
| commit | c9235f4872e810d43bf1b19b92cdbe0ec282bada (patch) | |
| tree | 7b83bddcae65527ea9f2995f523866483ea6a678 | |
| parent | bc45dae323112f2365d7ca307571781163d1bc04 (diff) | |
userns: Make credential debugging user namespace safe.
Cc: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
| -rw-r--r-- | init/Kconfig | 1 | ||||
| -rw-r--r-- | kernel/cred.c | 10 |
2 files changed, 8 insertions, 3 deletions
diff --git a/init/Kconfig b/init/Kconfig index 448b701b1722..fdabc5160cdf 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
| @@ -936,7 +936,6 @@ config UIDGID_CONVERTED | |||
| 936 | depends on FS_POSIX_ACL = n | 936 | depends on FS_POSIX_ACL = n |
| 937 | depends on QUOTA = n | 937 | depends on QUOTA = n |
| 938 | depends on QUOTACTL = n | 938 | depends on QUOTACTL = n |
| 939 | depends on DEBUG_CREDENTIALS = n | ||
| 940 | depends on BSD_PROCESS_ACCT = n | 939 | depends on BSD_PROCESS_ACCT = n |
| 941 | depends on DRM = n | 940 | depends on DRM = n |
| 942 | depends on PROC_EVENTS = n | 941 | depends on PROC_EVENTS = n |
diff --git a/kernel/cred.c b/kernel/cred.c index de728ac50d82..48cea3da6d05 100644 --- a/kernel/cred.c +++ b/kernel/cred.c | |||
| @@ -799,9 +799,15 @@ static void dump_invalid_creds(const struct cred *cred, const char *label, | |||
| 799 | atomic_read(&cred->usage), | 799 | atomic_read(&cred->usage), |
| 800 | read_cred_subscribers(cred)); | 800 | read_cred_subscribers(cred)); |
| 801 | printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }\n", | 801 | printk(KERN_ERR "CRED: ->*uid = { %d,%d,%d,%d }\n", |
| 802 | cred->uid, cred->euid, cred->suid, cred->fsuid); | 802 | from_kuid_munged(&init_user_ns, cred->uid), |
| 803 | from_kuid_munged(&init_user_ns, cred->euid), | ||
| 804 | from_kuid_munged(&init_user_ns, cred->suid), | ||
| 805 | from_kuid_munged(&init_user_ns, cred->fsuid)); | ||
| 803 | printk(KERN_ERR "CRED: ->*gid = { %d,%d,%d,%d }\n", | 806 | printk(KERN_ERR "CRED: ->*gid = { %d,%d,%d,%d }\n", |
| 804 | cred->gid, cred->egid, cred->sgid, cred->fsgid); | 807 | from_kgid_munged(&init_user_ns, cred->gid), |
| 808 | from_kgid_munged(&init_user_ns, cred->egid), | ||
| 809 | from_kgid_munged(&init_user_ns, cred->sgid), | ||
| 810 | from_kgid_munged(&init_user_ns, cred->fsgid)); | ||
| 805 | #ifdef CONFIG_SECURITY | 811 | #ifdef CONFIG_SECURITY |
| 806 | printk(KERN_ERR "CRED: ->security is %p\n", cred->security); | 812 | printk(KERN_ERR "CRED: ->security is %p\n", cred->security); |
| 807 | if ((unsigned long) cred->security >= PAGE_SIZE && | 813 | if ((unsigned long) cred->security >= PAGE_SIZE && |