system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-11-05 18:23:50 +00:00
Code Issues Projects Releases Packages Wiki Activity

user namespace: fix copy_user_ns return value

Browse source 
When a CONFIG_USER_NS=n and a user tries to unshare some namespace other
than the user namespace, the dummy copy_user_ns returns NULL rather than
the old_ns.

This value then gets assigned to task->nsproxy->user_ns, so that a
subsequent setuid, which uses task->nsproxy->user_ns, causes a NULL
pointer deref.

Fix this by returning old_ns.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Serge E. Hallyn 2007-07-17 15:28:17 -04:00 committed by Linus Torvalds
parent 9550b105b8
commit 626ac545c1
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/linux/user_namespace.h
View file

@ -49,7 +49,7 @@ static inline struct user_namespace *copy_user_ns(int flags,
if (flags & CLONE_NEWUSER)
return ERR_PTR(-EINVAL);
return NULL;
return old_ns;
}
static inline void put_user_ns(struct user_namespace *ns)