Re: [oss-security] Summary of security bugs (now fixed) in user namespaces
From: Florian Weimer
Date: Tue Apr 16 2013 - 08:19:37 EST
On 04/13/2013 07:16 PM, Andy Lutomirski wrote:
> I previously reported these bugs privately. I'm summarizing them for
> the historical record. These bugs were never exploitable on a
> default-configured released kernel, but some 3.8 versions are
> vulnerable depending on configuration.

Looking at this list, is there some way to restrict this new
functionality to, say, membership in a certain group? At present, most
system users (daemons) do not need this functionality, so it would make
sense to restrict access to it.
Or is the expectation that we disable CONFIG_USER_NS until things
stabilize further?
--
Florian Weimer / Red Hat Product Security Team