oss-sec mailing list archives
Re: Summary of security bugs (now fixed) in user namespaces
From: Florian Weimer <fweimer () redhat com>
Date: Tue, 16 Apr 2013 14:19:17 +0200
On 04/13/2013 07:16 PM, Andy Lutomirski wrote:
I previously reported these bugs privately. I'm summarizing them for the historical record. These bugs were never exploitable on a default-configured released kernel, but some 3.8 versions are vulnerable depending on configuration.
Looking at this list, is there some way to restrict this new functionality to, say, membership in a certain group? At present, most system users (daemons) do not need this functionality, so it would make sense to restrict access to it.
Or is the expectation that we disable CONFIG_USER_NS until things stabilize further?
-- Florian Weimer / Red Hat Product Security Team