oss-sec mailing list archives
Re: CLONE_NEWUSER local DoS
From: Oleg Nesterov <oleg () redhat com>
Date: Tue, 6 Aug 2013 20:31:09 +0200
On 08/06, Andy Lutomirski wrote:
On Tue, Aug 6, 2013 at 9:47 AM, Oleg Nesterov <oleg () redhat com> wrote:I'll send the patch, but perhaps there is something else. Eric?I think that's right. OTOH, it's not going to prevent this from OOMing:
Aaaah. user_ns_cachep I guess? ns->parent logic, yes?? I convinced myself this should be fine but it seems you are right. IIUC, this needs another fix. Will try tomorrow. Not that I think this needs my help ;) Oleg.
Current thread:
- CLONE_NEWUSER local DoS Petr Matousek (Aug 06)
- Re: CLONE_NEWUSER local DoS Kurt Seifried (Aug 06)
- Re: CLONE_NEWUSER local DoS Oleg Nesterov (Aug 06)
- [PATCH 0/1] (Was: CLONE_NEWUSER local DoS) Oleg Nesterov (Aug 06)
- [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Oleg Nesterov (Aug 06)
- Re: [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Andy Lutomirski (Aug 06)
- Re: [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Eric W. Biederman (Aug 06)
- Re: [PATCH 0/1] (Was: CLONE_NEWUSER local DoS) Petr Matousek (Aug 07)
- [PATCH 0/1] (Was: CLONE_NEWUSER local DoS) Oleg Nesterov (Aug 06)
- Re: CLONE_NEWUSER local DoS Andy Lutomirski (Aug 06)
- Re: CLONE_NEWUSER local DoS Oleg Nesterov (Aug 06)