Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
userns: limit the maximum depth of user_namespace->parent chain
Ensure that user_namespace->parent chain can't grow too much.
Currently we use the hardroded 32 as limit.
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
authored by
Oleg Nesterov
and committed by
Linus Torvalds
8742f229
55f5bfd4
+5
+1
include/linux/user_namespace.h
+1
include/linux/user_namespace.h
+4
kernel/user_namespace.c
+4
kernel/user_namespace.c
···
62
62
kgid_t group = new->egid;
63
63
int ret;
64
64
65
+
if (parent_ns->level > 32)
66
+
return -EUSERS;
67
+
65
68
/*
66
69
* Verify that we can not violate the policy of which files
67
70
* may be accessed that is specified by the root directory,
···
95
92
atomic_set(&ns->count, 1);
96
93
/* Leave the new->user_ns reference with the new user namespace. */
97
94
ns->parent = parent_ns;
95
+
ns->level = parent_ns->level + 1;
98
96
ns->owner = owner;
99
97
ns->group = group;
100
98