| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Jan 2016 23:55:05 +0100 From: Robert Święcki <robert@...ecki.net> To: Kees Cook <keescook@...omium.org> Cc: Andrew Morton <akpm@...ux-foundation.org>, Al Viro <viro@...iv.linux.org.uk>, Richard Weinberger <richard@....at>, "Eric W. Biederman" <ebiederm@...ssion.com>, Andy Lutomirski <luto@...capital.net>, Dmitry Vyukov <dvyukov@...gle.com>, David Howells <dhowells@...hat.com>, Kostya Serebryany <kcc@...gle.com>, Alexander Potapenko <glider@...gle.com>, Eric Dumazet <edumazet@...gle.com>, Sasha Levin <sasha.levin@...cle.com>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Subject: Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled 2016-01-22 23:50 GMT+01:00 Kees Cook <keescook@...omium.org>: >> Seems that Debian and some older Ubuntu versions are already using >> >> $ sysctl -a | grep usern >> kernel.unprivileged_userns_clone = 0 >> >> Shall we be consistent wit it? > > Oh! I didn't see that on systems I checked. On which version did you find that? $ uname -a Linux bc1 4.3.0-0.bpo.1-amd64 #1 SMP Debian 4.3.3-5~bpo8+1 (2016-01-07) x86_64 GNU/Linux $ cat /etc/debian_version 8.2 IIRC some older kernels delivered with Ubuntu Precise were also using it (but maybe I'm mistaken) -- Robert Święcki
Powered by blists - more mailing lists