UBUNTU: SAUCE: Yama: verify inode is symlink to avoid bind mounts
author Kees Cook <kees.cook@canonical.com>
Tue, 13 Jul 2010 21:54:56 +0000 (14:54 -0700)
committer Leann Ogasawara <leann.ogasawara@canonical.com>
Mon, 28 Mar 2011 13:48:58 +0000 (06:48 -0700)
commit b927cf2db3b156a64d8dc84c5de3fe1c52ecf1ed
tree 13349353ea36dcfd7dbeb4638e2defb8bc2a0697
parent f2a4ba7d97529dd96a10cff20bade7ee287c6edc
UBUNTU: SAUCE: Yama: verify inode is symlink to avoid bind mounts

The inode_follow_link LSM hook is called in bind mount situations as
well as for symlink situations, so we must explicitly check for the
inode being a symlink to not reject bind mounts in 1777 directories,
which seems to be a common NFSv4 configuration.

BugLink: https://bugs.launchpad.net/bugs/604407

[submitted upstream to security-next]

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
security/yama/yama_lsm.c
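
The check the commit message describes, as an added userspace model (not code from this commit or from the Yama source). The struct, the function name, and the owner comparisons that make up the sticky-directory rule are assumptions of this sketch, and the sample values are constructed.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical model of one link-follow decision (not kernel code). */
struct follow_ctx {
    mode_t inode_mode;   /* mode of the object being followed */
    uid_t  inode_uid;    /* owner of that object */
    mode_t parent_mode;  /* mode of the containing directory */
    uid_t  parent_uid;   /* owner of the containing directory */
    uid_t  fsuid;        /* uid of the process doing the lookup */
};

/* check_symlink = 0 models the hook before the fix, 1 models it after. */
static int model_follow_link(const struct follow_ctx *c, int check_symlink)
{
    const mode_t sticky_ww = S_ISVTX | S_IWOTH;

    /* The fix: an inode that is not a symlink (bind mount) is never blocked. */
    if (check_symlink && !S_ISLNK(c->inode_mode))
        return 0;
    /* Assumed rule: the follower owns the object, so it is allowed. */
    if (c->fsuid == c->inode_uid)
        return 0;
    /* Assumed rule: sticky, world-writable parent with a different owner. */
    if ((c->parent_mode & sticky_ww) == sticky_ww &&
        c->parent_uid != c->inode_uid)
        return -EACCES;
    return 0;
}

/* Constructed samples: objects inside a root-owned 1777 directory. */
static const struct follow_ctx bind_mount =      /* dir of uid 1000, used by 1001 */
    { S_IFDIR | 0755, 1000, S_IFDIR | 01777, 0, 1001 };
static const struct follow_ctx foreign_symlink = /* link of uid 1000, used by 1001 */
    { S_IFLNK | 0777, 1000, S_IFDIR | 01777, 0, 1001 };
static const struct follow_ctx own_symlink =     /* link of uid 1001, used by 1001 */
    { S_IFLNK | 0777, 1001, S_IFDIR | 01777, 0, 1001 };

int main(void)
{
    printf("bind mount, no symlink check:   %d\n", model_follow_link(&bind_mount, 0));
    printf("bind mount, with symlink check: %d\n", model_follow_link(&bind_mount, 1));
    printf("foreign symlink:                %d\n", model_follow_link(&foreign_symlink, 1));
    printf("own symlink:                    %d\n", model_follow_link(&own_symlink, 1));
    return 0;
}
```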