oss-sec mailing list archives
Re: Linux: Disabling network namespaces
From: Demi Marie Obenour <demi () invisiblethingslab com>
Date: Mon, 22 Apr 2024 18:10:27 -0400
On Mon, Apr 22, 2024 at 02:33:56PM +0000, Jordan Glover wrote:
> On Sunday, April 21st, 2024 at 10:06 PM, Solar Designer <solar () openwall com> wrote:
>
> > In what exact way would nested namespaces bypass the security design of
> > Flatpak?  Is this about the kernel's attack surface exposed by
> > capabilities in a namespace or something else?  I guess capabilities
> > are also dropped in the nested namespace?
>
> In Flatpak, apps in the container communicate with the host through
> portals [1] using D-Bus. Portals identify a particular app through its
> unique appid (e.g. "org.mozilla.firefox" for Firefox) and grant some
> permissions according to that. The appid is read from /.flatpak-info,
> which exists inside the container and is immutable there. If namespaces
> were available inside the sandbox, then a malicious app could leverage a
> mount namespace to mount a crafted /.flatpak-info containing arbitrary
> data and lie to the portal about its appid - it could tell the portal
> that it's org.mozilla.firefox when it isn't.
>
> [1] https://github.com/flatpak/xdg-desktop-portal
>
> Jordan
Why is the appid read from /.flatpak-info, instead of having the flatpak
process that spawned the container pass the info to the dbus proxy along
with the FD used to communicate with the container?

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
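The identification path Jordan describes, as an added example for this page (it is not code from the thread, from Flatpak or from xdg-desktop-portal): a portal-style lookup that resolves a D-Bus peer's appid by reading .flatpak-info through the peer's root directory under /proc, run against a /proc tree constructed in a temporary directory. Only the `[Application]` / `name=` key comes from Flatpak's real keyfile layout; the pids, the app ids, the second sandbox's crafted file and the assumption that the portal reads `/proc/<pid>/root/.flatpak-info` are all choices made for the example. It shows the trust boundary at issue: whatever file is visible at that path is taken as the peer's identity, so a peer that could bind-mount its own keyfile over /.flatpak-info is indistinguishable from the app it names.

```python
"""Added example (not part of the thread, Flatpak or xdg-desktop-portal).

A portal-style appid lookup: read .flatpak-info via the peer's root
directory as seen in /proc/<pid>/root, then take [Application] name=.
The /proc tree, pids and file contents below are constructed for the
example; the keyfile layout follows Flatpak's [Application] section.
"""

import configparser
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Constructed sample: the /.flatpak-info Flatpak would write for Firefox
# (runtime value is illustrative).
GENUINE_FLATPAK_INFO = """\
[Application]
name=org.mozilla.firefox
runtime=runtime/org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
"""

# Constructed sample: a keyfile a malicious app (launched as the
# hypothetical com.example.evil) could bind-mount over /.flatpak-info if
# it were allowed to create a mount namespace inside its sandbox.
CRAFTED_FLATPAK_INFO = """\
[Application]
name=org.mozilla.firefox
runtime=runtime/org.freedesktop.Platform/x86_64/23.08
"""


def parse_app_id(flatpak_info_text: str) -> Optional[str]:
    """Return the [Application] name= value from a .flatpak-info keyfile,
    or None when the section or key is absent."""
    keyfile = configparser.ConfigParser(interpolation=None)
    keyfile.read_string(flatpak_info_text)
    return keyfile.get("Application", "name", fallback=None)


def app_id_for_pid(pid: int, proc: str = "/proc") -> Optional[str]:
    """Identify a D-Bus peer the way a portal-style lookup does: open
    .flatpak-info relative to the peer's root directory (/proc/<pid>/root).

    Only the file's contents are consulted.  Nothing here ties them back to
    the flatpak process that set up the sandbox, which is the point Demi's
    question raises.  Returns None for a peer without the file (a host
    process)."""
    info_path = Path(proc) / str(pid) / "root" / ".flatpak-info"
    try:
        return parse_app_id(info_path.read_text())
    except FileNotFoundError:
        return None


def demo(pids=(1001, 1002, 1003)) -> Dict[int, Optional[str]]:
    """Build a constructed /proc with two sandboxed peers and one host
    process, and return what the lookup reports for each pid.

    pid 1001: genuine Firefox sandbox.
    pid 1002: sandbox launched as com.example.evil, but with the crafted
              keyfile mounted over /.flatpak-info.
    pid 1003: host process, no /.flatpak-info at all."""
    sandboxes = {
        1001: GENUINE_FLATPAK_INFO,
        1002: CRAFTED_FLATPAK_INFO,
    }
    with tempfile.TemporaryDirectory() as tmp:
        proc = Path(tmp)
        for pid, contents in sandboxes.items():
            root = proc / str(pid) / "root"
            root.mkdir(parents=True)
            (root / ".flatpak-info").write_text(contents)
        (proc / "1003" / "root").mkdir(parents=True)
        return {pid: app_id_for_pid(pid, proc=str(proc)) for pid in pids}


if __name__ == "__main__":
    for pid, app_id in demo().items():
        print(f"pid {pid}: portal sees appid {app_id!r}")
```

The lookup reports org.mozilla.firefox for both pid 1001 and pid 1002, so any per-app permission keyed on that appid is granted to the crafted peer as well; pid 1003 is correctly treated as a non-Flatpak process. Preventing the sandboxed process from gaining a mount namespace is what keeps the file at that path authoritative in this design.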