oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux: Disabling network namespaces

From: Jordan Glover <Golden_Miller83 () protonmail ch>
Date: Mon, 22 Apr 2024 14:33:56 +0000
On Sunday, April 21st, 2024 at 10:06 PM, Solar Designer <solar () openwall com> wrote:


In what exact way would nested namespaces bypass the security design of
Flatpak? Is this about the kernel's attack surface exposed by
capabilities in a namespace or something else? I guess capabilities are
also dropped in the nested namespace?


In flatpak, apps in container communicate with host through portals[1] using dbus.
Portals identify particular app through unique appid (i.e. "org.mozilla.firefox"
for firefox) and grant some permissions according to that. appid is read from
/.flatpak-info that exist inside container and is immutable there. If namespaces
were available inside sandbox then malicious app could leverage mount namespace
to mount crafted /.flatpak-info containing arbitrary data and lie to the portal
about appid - it could tell portal that it's org.mozilla.firefox when it isn't.

[1] https://github.com/flatpak/xdg-desktop-portal

Jordan
Previous By Date Next
Previous By Thread Next

Current thread: