Kees Cook <[email protected]> writes: > Hi, > > It seem like we should block (at least) this combination. On 3.9, this > exploit works once uidmapping is added. > > http://www.openwall.com/lists/oss-security/2013/03/13/10
Yes. That is a bad combination. It let's chroot confuse privileged processes. Now to figure out if this is easier to squash by adding a user_namespace to fs_struct or by just forbidding this combination. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
