| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1344632282.9131.5.camel@lenny> Date: Fri, 10 Aug 2012 16:58:02 -0400 From: Colin Walters <walters@...bum.org> To: linux-kernel@...r.kernel.org Cc: luto@...capital.net Subject: linux-user-chroot 2012.2 Hi, This is the release of linux-user-chroot 2012.2. The major change now is that it makes use of Andy's new PR_SET_NO_NEW_PRIVS. This doesn't close any security hole I'm aware of - our previous use of the MS_NOSUID bind mount over / should work - but, belt and suspenders as they say. The code: http://git.gnome.org/browse/linux-user-chroot/commit/?id=515c714471d0b5923f6633ef44a2270b23656ee9 As for how linux-user-chroot and PR_SET_NO_NEW_PRIVS relate, see this thread: http://thread.gmane.org/gmane.linux.kernel.lsm/15339 Summary ------- This tool allows regular (non-root) users to call chroot(2), create Linux bind mounts, and use some Linux container features. It's primarily intended for use by build systems. Project information ------------------- There's no web page yet; send patches to Colin Walters <walters@...bum.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists