Managed to miss the mailing list, sorry. The vanilla commit for the fix is acff81ec2c79492b180fade3c2894425cd35a545.
----- Forwarded message from Cyrill Gorcunov <[email protected]> ----- > Date: Wed, 13 Jan 2016 11:06:48 +0300 > From: Cyrill Gorcunov <[email protected]> > To: Konstantin Khorenko <[email protected]> > Cc: Vladimir Davydov <[email protected]> > Subject: [PATCH rh7] ovl: fix permission checking for setattr > > This fixes CVE-2015-8660. > > From: Miklos Szeredi <[email protected]> > > [Al Viro] The bug is in being too enthusiastic about optimizing ->setattr() > away - instead of "copy verbatim with metadata" + "chmod/chown/utimes" > (with the former being always safe and the latter failing in case of > insufficient permissions) it tries to combine these two. Note that copyup > itself will have to do ->setattr() anyway; _that_ is where the elevated > capabilities are right. Having these two ->setattr() (one to set verbatim > copy of metadata, another to do what overlayfs ->setattr() had been asked > to do in the first place) combined is where it breaks. > > Signed-off-by: Miklos Szeredi <[email protected]> > Cc: <[email protected]> > Signed-off-by: Al Viro <[email protected]> > Signed-off-by: Cyrill Gorcunov <[email protected]> _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
