user namespace: fix copy_user_ns return value
author Serge E. Hallyn <serue@us.ibm.com>
Tue, 17 Jul 2007 19:28:17 +0000 (15:28 -0400)
committer Linus Torvalds <torvalds@woody.linux-foundation.org>
Thu, 19 Jul 2007 21:05:08 +0000 (14:05 -0700)
commit 626ac545c12e5f9bffe93086d1d03d26c99987ea
tree 3ff83cc510f09bd0561b3b2a8b769beda952ad17
parent 9550b105b8646f916862aee3ab7b25020ca14159

When CONFIG_USER_NS=n and a user tries to unshare some namespace other
than the user namespace, the dummy copy_user_ns returns NULL rather than
the old_ns.

This value then gets assigned to task->nsproxy->user_ns, so that a
subsequent setuid, which uses task->nsproxy->user_ns, causes a NULL
pointer deref.

Fix this by returning old_ns.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
include/linux/user_namespace.h
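
A user-space model of the failure the commit message describes, added here as an illustration and not taken from the kernel source. The structure layouts, `unshare_other_ns`, `setuid_consumer`, `run_scenario` and the flag value are simplified assumptions; the consumer returns -1 at the point where the kernel would have dereferenced NULL.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures (assumed shapes). */
struct user_namespace { int root_uid; };
struct nsproxy { struct user_namespace *user_ns; };

#define OTHER_NS_FLAG 0x1 /* constructed: "unshare something other than the user ns" */

/* Model of the CONFIG_USER_NS=n stub before the fix: old_ns is dropped. */
static struct user_namespace *copy_user_ns_buggy(int flags, struct user_namespace *old_ns)
{
    (void)flags; (void)old_ns;
    return NULL;
}

/* Model of the stub after the fix: nothing to copy, so pass old_ns through. */
static struct user_namespace *copy_user_ns_fixed(int flags, struct user_namespace *old_ns)
{
    (void)flags;
    return old_ns;
}

typedef struct user_namespace *(*copy_fn)(int, struct user_namespace *);

/* Model of the unshare path: the new nsproxy takes whatever the helper returns. */
static void unshare_other_ns(struct nsproxy *fresh, const struct nsproxy *old, copy_fn copy)
{
    fresh->user_ns = copy(OTHER_NS_FLAG, old->user_ns);
}

/* Model of the later setuid consumer of nsproxy->user_ns.
 * Returns 0 when the pointer is usable, -1 where the kernel would crash. */
static int setuid_consumer(const struct nsproxy *ns)
{
    if (ns->user_ns == NULL)
        return -1;
    return ns->user_ns->root_uid == 0 ? 0 : -1;
}

/* Unshare, then setuid, using the given stub. */
static int run_scenario(copy_fn copy)
{
    struct user_namespace init_ns = { .root_uid = 0 };
    struct nsproxy old = { .user_ns = &init_ns }, fresh = { NULL };
    unshare_other_ns(&fresh, &old, copy);
    return setuid_consumer(&fresh);
}

int main(void)
{
    printf("buggy stub: %d\n", run_scenario(copy_user_ns_buggy));
    printf("fixed stub: %d\n", run_scenario(copy_user_ns_fixed));
    return 0;
}
```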