Re: Re: Summary of security bugs (now fixed) in user namespaces

[Andy Lutomirski <luto () amacapital net>]

On Tue, Apr 16, 2013 at 2:01 AM, Kurt Seifried <kseifried () redhat com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 04/15/2013 04:45 PM, Andy Lutomirski wrote:
> > On Mon, Apr 15, 2013 at 3:34 PM, Brian Martin
> > <brian () opensecurityfoundation org> wrote:
> > > Andy;
> > >
> > > : I previously reported these bugs privatley.  I'm summarizing
> > > them for
> > >
> > > : the historical record.  These bugs were never exploitable on a
> > > : default-configured released kernel, but some 3.8 versions are :
> > > vulnerable depending on configuration.
> > >
> > > Do you know if these were patched, and therefore possibly
> > > disclosed via the commits? With these details, it is difficult to
> > > line them up to existing reports.
> >
> > Bug 1 should be fixed in:
> >
> > commit 3151527ee007b73a0ebd296010f1c0454a919c7d Author: Eric W.
> > Biederman <ebiederm () xmission com> Date:   Fri Mar 15 01:45:51 2013
> > -0700
> >
> > userns:  Don't allow creation if the user is chrooted
>
> Can you confirm this has no CVE?

AFAIK it does not.

> > Bug 2 is should be fixed by these:
> >
> > commit 90563b198e4c6674c63672fae1923da467215f45 Author: Eric W.
> > Biederman <ebiederm () xmission com> Date:   Fri Mar 22 03:10:15 2013
> > -0700
> >
> > vfs: Add a mount flag to lock read only bind mounts
> >
> > commit 132c94e31b8bca8ea921f9f96a57d684fa4ae0a9 Author: Eric W.
> > Biederman <ebiederm () xmission com> Date:   Fri Mar 22 04:08:05 2013
> > -0700
> >
> > vfs: Carefully propogate mounts across user namespaces
>
> Can you confirm this has no CVE?

AFAIK it does not.


> > Bug 3 should be fixed in:
> >
> > commit 92f28d973cce45ef5823209aab3138eb45d8b349 Author: Eric W.
> > Biederman <ebiederm () xmission com> Date:   Fri Mar 15 01:03:33 2013
> > -0700
> >
> > scm: Require CAP_SYS_ADMIN over the current pidns to spoof pids.
>
> Can you confirm this has no CVE?

AFAIK it does not.

--Andy