Date: Tue, 10 Jun 2014 14:49:03 -0700
From: Andy Lutomirski <luto@...capital.net>
To: oss-security@...ts.openwall.com
Subject: CVE-2014-4014: Linux kernel user namespace bug

The internal function inode_capable was used inappropriately.
Depending on configuration, this may be usable to escalate privileges.
A cursory inspection of my Fedora box suggests that it is not
vulnerable to the obvious way to exploit this bug.

The fix should appear in Linus' -master shortly, and it's tagged for
stable.  In the meantime, I've attached it here.

I'll follow up in a day or two with a description of the actual bug,
or one of you can try to beat me to it.

--Andy

View attachment "0001-fs-userns-Change-inode_capable-to-capable_wrt_inode_.patch" of type "text/x-diff" (7387 bytes)
