Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge branch 'CVE-2014-7970' of git://git.kernel.org/pub/scm/linux/kernel/git/luto/linux

Pull pivot_root() fix from Andy Lutomirski.

Prevent a leak of unreachable mounts.

* 'CVE-2014-7970' of git://git.kernel.org/pub/scm/linux/kernel/git/luto/linux:
  mnt: Prevent pivot_root from creating a loop in the mount tree
Linus Torvalds 10 years ago
parent
2d65a9f48f 0d0826019e
commit
ce9d7f7b45
1 changed files with 3 additions and 0 deletions
Unified View Show Diff Stats
  1. 3 0
      fs/namespace.c

+ 3 - 0
fs/namespace.c
View File 

@@ -2915,6 +2915,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
 
 	/* make sure we can reach put_old from new_root */
 
 	/* make sure we can reach put_old from new_root */
 
 	if (!is_path_reachable(old_mnt, old.dentry, &new))
 
 	if (!is_path_reachable(old_mnt, old.dentry, &new))
 
 		goto out4;
 
 		goto out4;
 
+	/* make certain new is below the root */
 
+	if (!is_path_reachable(new_mnt, new.dentry, &root))
 
+		goto out4;
 
 	root_mp->m_count++; /* pin it so it won't go away */
 
 	root_mp->m_count++; /* pin it so it won't go away */
 
 	lock_mount_hash();
 
 	lock_mount_hash();
 
 	detach_mnt(new_mnt, &parent_path);
 
 	detach_mnt(new_mnt, &parent_path);