[PATCH v2 04/10] ovl: make ioctl() safe

James Morris jmorris at namei.org
Wed Dec 9 01:57:29 UTC 2020


On Mon, 7 Dec 2020, Miklos Szeredi wrote:

> ovl_ioctl_set_flags() does a capability check using flags, but then the
> real ioctl double-fetches flags and uses potentially different value.
> 
> The "Check the capability before cred override" comment misleading: user
> can skip this check by presenting benign flags first and then overwriting
> them to non-benign flags.

Is this a security bug which should be fixed in stable?

-- 
James Morris
<jmorris at namei.org>



More information about the Linux-security-module-archive mailing list