Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 16 Apr 2013 12:46:06 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Andy Lutomirski <luto@...capital.net>,
        Brian Martin <brian@...nsecurityfoundation.org>
Subject: Re: Re: Summary of security bugs (now fixed) in user
 namespaces

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/16/2013 11:34 AM, Andy Lutomirski wrote:
> On Tue, Apr 16, 2013 at 2:01 AM, Kurt Seifried
> <kseifried@...hat.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 04/15/2013 04:45 PM, Andy Lutomirski wrote:
>>> On Mon, Apr 15, 2013 at 3:34 PM, Brian Martin 
>>> <brian@...nsecurityfoundation.org> wrote:
>>>> 
>>>> Andy;
>>>> 
>>>> : I previously reported these bugs privatley.  I'm
>>>> summarizing them for
>>>> 
>>>> : the historical record.  These bugs were never exploitable
>>>> on a : default-configured released kernel, but some 3.8
>>>> versions are : vulnerable depending on configuration.
>>>> 
>>>> Do you know if these were patched, and therefore possibly 
>>>> disclosed via the commits? With these details, it is
>>>> difficult to line them up to existing reports.
>>> 
>>> Bug 1 should be fixed in:
>>> 
>>> commit 3151527ee007b73a0ebd296010f1c0454a919c7d Author: Eric
>>> W. Biederman <ebiederm@...ssion.com> Date:   Fri Mar 15
>>> 01:45:51 2013 -0700
>>> 
>>> userns:  Don't allow creation if the user is chrooted
>> 
>> Can you confirm this has no CVE?

Please use CVE-2013-1956 for Linux Kernel namespaces userns:  Don't
allow creation if the user is chrooted

>> 
>>> Bug 2 is should be fixed by these:
>>> 
>>> commit 90563b198e4c6674c63672fae1923da467215f45 Author: Eric
>>> W. Biederman <ebiederm@...ssion.com> Date:   Fri Mar 22
>>> 03:10:15 2013 -0700
>>> 
>>> vfs: Add a mount flag to lock read only bind mounts
>>> 
>>> commit 132c94e31b8bca8ea921f9f96a57d684fa4ae0a9 Author: Eric
>>> W. Biederman <ebiederm@...ssion.com> Date:   Fri Mar 22
>>> 04:08:05 2013 -0700
>>> 
>>> vfs: Carefully propogate mounts across user namespaces
>> 
>> Can you confirm this has no CVE?

Please use CVE-2013-1957 for Linux Kernel namespaces vfs: Carefully
propogate mounts across user namespaces


>> 
>>> Bug 3 should be fixed in:
>>> 
>>> commit 92f28d973cce45ef5823209aab3138eb45d8b349 Author: Eric
>>> W. Biederman <ebiederm@...ssion.com> Date:   Fri Mar 15
>>> 01:03:33 2013 -0700
>>> 
>>> scm: Require CAP_SYS_ADMIN over the current pidns to spoof
>>> pids.
>> 
>> Can you confirm this has no CVE?
>> 

Please use CVE-2013-1958 for Linux Kernel namespaces scm: Require
CAP_SYS_ADMIN over the current pidns to spoof pids


As for the fourth bug he sent me details privately and a CVE was assigned.

> --Andy
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRbZxuAAoJEBYNRVNeJnmTBf0P/iSfWW//lBQGsljdiadvlbsN
RwFJMk5K1E/fIRm6OOHZljrpsMelxQMHZHMZvyo1RE8HEHjO/v7XuWLzewFFKB3b
N4ALuNXl3pA6fJmSCfo0WCO17ilBRiliLVcGyaW9ChHEvUQXZqwUs69wFu6uluPr
AJjRXUbEiUI3/7SfKD7QjlAAHAuZ6EHO6zWej8Apc5LnDlyxOnEEgUfYaRulgevw
iAb0w5e3wA+MMjuqPdxrS9hhjQTWTzUHTm+b4kXaD++5OypI/cEwNU7iuwcYEE/i
T1WKgsDu+babpu+Izo3XjSlQIFHURB4cMyKlaNESJ+h0Rnm1l/OT+VEEWE3inWK/
UEaFoFBUxe58oqCt+f9wouIFYB5z9fbg+mlcbtnFpb29j6xUI/hJzcbmjxwlxMp8
0cgfYEea6dqyRxpkYoQKlowUtlfBx3omjieCLiAifY+WnGvmWgvd1FzC3zZ2nBFn
kjwnnaFFxI9y6pX3QnXT+MFPqxNUHyVwNwc4GJErza0WfZuUBzZZk+Dfr6ZGLLGw
FKJq2OmhI/nUES7PWGuech/UpvRrW9mJQWUnHEwyYSjCNz0pCa6UiS442pL7mutw
G3Hs8JDMCWBHsVsetYKhEsSbdIr0qGLaVKDJKdbFN9NelZTXqgp/NRegtFNNMci3
nU/3Fi8qsBf3m3aquJBZ
=RRBe
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ