[PATCH v2 04/10] ovl: make ioctl() safe
James Morris
jmorris at namei.org
Wed Dec 9 01:57:29 UTC 2020
On Mon, 7 Dec 2020, Miklos Szeredi wrote:
> ovl_ioctl_set_flags() does a capability check using flags, but then the
> real ioctl double-fetches flags and uses potentially different value.
>
> The "Check the capability before cred override" comment misleading: user
> can skip this check by presenting benign flags first and then overwriting
> them to non-benign flags.
Is this a security bug which should be fixed in stable?
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list