Message-Id: <1320445482-8459-1-git-send-email-serge@hallyn.com>
Date: Fri, 4 Nov 2011 22:24:36 +0000
From: Serge Hallyn <serge@...lyn.com>
To: linux-kernel@...r.kernel.org, containers@...ts.linux-foundation.org
Cc: oleg@...hat.com, richard@....at, akpm@...ux-foundation.org,
ebiederm@...ssion.com, serge@...lyn.com, dhowells@...hat.com,
eparis@...hat.com
Subject: user namespaces: fix some uid/privilege leaks

The previous submission of these patches, and review comments, can be
seen in the thread starting here: https://lkml.org/lkml/2011/10/18/463 .

Since then, patches
    0001-pid_ns-ensure-pid-is-not-freed-during-kill_pid_info_.patch
and
    0002-user-namespace-usb-make-usb-urbs-user-namespace-awar.patch
have gone upstream, and I've reverted
    0009-make-net-core-scm.c-uid-comparisons-user-namespace-a.patch
because it relaxes checks, and right now we want to focus on
fixing leaks.

The set includes:

0001-user-namespace-make-signal.c-respect-user-namespaces.patch
    This converts the uid for the task sending a signal to the
    user namespace of the receiver. It is somewhat analogous
    to what is done with the sender's pid.
    Waiting on feedback from Oleg, but I believe this patch is
    ready.

0002-User-namespace-don-t-allow-sysctl-in-non-init-user-n.patch
    This prevents root in a child user namespace from man-handling
    sysctls. With this patch, a task in a child user namespace
    will only get the world access rights to sysctls.

0003-user-namespace-clamp-down-users-of-cap_raised.patch
    This clamps down on cases where privilege to your own user
    namespace was checked for access to the initial user namespace.

0004-Add-Documentation-namespaces-user_namespace.txt-v3.patch
    Documentation.

0005-user-namespace-make-each-net-net_ns-belong-to-a-user.patch
    This adds a struct user_namespace pointer to the net_ns for use
    by later patches.

0006-protect-cap_netlink_recv-from-user-namespaces.patch
    Now that net_ns is owned by a user_ns, cap_netlink_recv() can
    target privilege checks to the user_ns owning the resource. The
    current check against current_cap() is unsafe.
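
An added example, not code from this patch set or from the kernel: a simplified user-space C model of the problem that the descriptions of patches 0003 and 0006 point at, contrasting a check of the caller's own capability bits with a check targeted at the user namespace that owns the resource. The structures, function names and sample namespaces are hypothetical, CAP_NET_ADMIN is chosen only as an illustration, and the model leaves out the kernel's rule about the creator of a namespace.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define CAP_NET_ADMIN 12 /* Linux capability number, used here as a sample */

/* Hypothetical, simplified model: a user namespace only knows its parent. */
struct user_ns { const struct user_ns *parent; };
/* Effective capability bits plus the namespace in which they are held. */
struct cred { unsigned long cap_effective; const struct user_ns *ns; };
/* A resource (for example a net namespace) owned by a user namespace. */
struct resource { const struct user_ns *owner; };

/* Untargeted check: only asks whether the bit is set in the caller's own
 * credentials, so root in a child namespace passes for any resource. */
static bool untargeted_capable(const struct cred *c, int cap)
{
    return (c->cap_effective >> cap) & 1UL;
}

/* Targeted check: the bit counts only if it is held in the namespace that
 * owns the resource or in one of that namespace's ancestors. */
static bool targeted_capable(const struct cred *c,
                             const struct resource *r, int cap)
{
    for (const struct user_ns *ns = r->owner; ns != NULL; ns = ns->parent)
        if (ns == c->ns)
            return (c->cap_effective >> cap) & 1UL;
    return false;
}

/* Constructed sample data: the initial namespace, one child, one resource
 * in each, and three sets of credentials. */
static const struct user_ns init_ns = { NULL };
static const struct user_ns child_ns = { &init_ns };
static const struct resource host_net = { &init_ns };
static const struct resource container_net = { &child_ns };
static const struct cred child_root = { 1UL << CAP_NET_ADMIN, &child_ns };
static const struct cred host_root = { 1UL << CAP_NET_ADMIN, &init_ns };
static const struct cred host_user = { 0, &init_ns };

int main(void)
{
    printf("child root on host_net: untargeted=%d targeted=%d\n",
           untargeted_capable(&child_root, CAP_NET_ADMIN),
           targeted_capable(&child_root, &host_net, CAP_NET_ADMIN));
    printf("host root on container_net: targeted=%d, host user: targeted=%d\n",
           targeted_capable(&host_root, &container_net, CAP_NET_ADMIN),
           targeted_capable(&host_user, &container_net, CAP_NET_ADMIN));
    return 0;
}
```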