Date: Mon, 01 Apr 2019 10:47:11 +0200
From: Yann Droneaud <ydroneaud@...eya.com>
To: Jann Horn <jannh@...gle.com>, Christian Brauner <christian@...uner.io>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
    Andy Lutomirski <luto@...capital.net>,
    Daniel Colascione <dancol@...gle.com>,
    Andrew Lutomirski <luto@...nel.org>,
    David Howells <dhowells@...hat.com>,
    "Serge E. Hallyn" <serge@...lyn.com>,
    Linux API <linux-api@...r.kernel.org>,
    Linux List Kernel Mailing <linux-kernel@...r.kernel.org>,
    Arnd Bergmann <arnd@...db.de>,
    "Eric W. Biederman" <ebiederm@...ssion.com>,
    Konstantin Khlebnikov <khlebnikov@...dex-team.ru>,
    Kees Cook <keescook@...omium.org>,
    Alexey Dobriyan <adobriyan@...il.com>,
    Thomas Gleixner <tglx@...utronix.de>,
    Michael Kerrisk-manpages <mtk.manpages@...il.com>,
    Jonathan Kowalski <bl0pbl33p@...il.com>,
    "Dmitry V. Levin" <ldv@...linux.org>,
    Andrew Morton <akpm@...ux-foundation.org>,
    Oleg Nesterov <oleg@...hat.com>,
    Nagarathnam Muthusamy <nagarathnam.muthusamy@...cle.com>,
    Aleksa Sarai <cyphar@...har.com>,
    Al Viro <viro@...iv.linux.org.uk>,
    Joel Fernandes <joel@...lfernandes.org>
Subject: Re: [PATCH v2 0/5] pid: add pidfd_open()

Hi,

On Monday 01 April 2019 at 02:52 +0200, Jann Horn wrote:

> One minor detail to keep in mind for the future is that in a
> straightforward implementation of this concept, if a non-capable
> process is running in a mount namespace, but in the initial network
> namespace, without any reachable /proc mount, it will be able to look
> at information about other processes' network connections by first
> using pidfd_open() on itself or by using clone(CLONE_PIDFD), then
> looking at the "net" directory under the resulting file descriptor.

I also think it would punch a hole in chroot() ...
(but in 2019, nobody should rely on it for security purposes).

Regards.

-- 
Yann Droneaud
OPTEYA