Re: [ 109/171 ] userns: Dont allow creation if the user is chrooted
From: Luis Henriques
Date: Wed Oct 23 2013 - 05:32:44 EST
On Tue, Oct 22, 2013 at 10:45:45AM -0700, Eric W. Biederman wrote:
> Luis Henriques <luis.henriques@xxxxxxxxxxxxx> writes:
>
> > On Thu, Apr 11, 2013 at 04:26:52PM -0400, Steven Rostedt wrote:
> >> 3.6.11.2 stable review patch.
> >> If anyone has any objections, please let me know.
> >>
> >> ------------------
> >>
> >> From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> >>
> >> [ Upstream commit 3151527ee007b73a0ebd296010f1c0454a919c7d ]
> >
> > While looking at some security bugs, I came across this one
> > (CVE-2013-1956). All the references I could find refer to the 3.8
> > kernel only, and this was the only backport I could find to older
> > stable kernels.
> >
> > Could someone clarify if this fix should be included in other stable
> > kernels? Or the only affected kernels were the 3.8.0 to 3.8.5?
>
> Strictly speaking there are older kernels affected. I think it was 3.5
> that had my earliest user namespace bits, and this bug came in with the
> first of those bits. However prior to 3.8 simply not enough things were
> converted for most people to build a kernel with user namespaces
> enabled. I don't think distro's will have user namespaces enabled prior
> to 3.12 as that is when xfs the last hold out was finally converted.
>
> Eric
That makes perfect sense to me. Thanks a lot for the clarification,
Eric.
Cheers,
--
Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/