Date:	Tue, 16 Apr 2013 14:19:17 +0200
From:	Florian Weimer <fweimer@...hat.com>
To:	oss-security@...ts.openwall.com
CC:	Andy Lutomirski <luto@...capital.net>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [oss-security] Summary of security bugs (now fixed) in user namespaces

On 04/13/2013 07:16 PM, Andy Lutomirski wrote:
> I previously reported these bugs privately.  I'm summarizing them for
> the historical record.  These bugs were never exploitable on a
> default-configured released kernel, but some 3.8 versions are
> vulnerable depending on configuration.

Looking at this list, is there some way to restrict this new 
functionality to, say, membership in a certain group?  At present, most 
system users (daemons) do not need this functionality, so it would make 
sense to restrict access to it.

Or is the expectation that we disable CONFIG_USER_NS until things 
stabilize further?

-- 
Florian Weimer / Red Hat Product Security Team