Date: Fri, 17 Apr 2015 11:44:14 -0400 From: Eric Windisch <eric@...disch.us> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: USERNS allows circumventing MNT_LOCKED In October 2014, Andrey Vagin reported to the Linux Containers list that it would be possible to use user namespaces to circumvent MNT_LOCKED and allow unprivileged users to access the directory structure underneath of mounts. A PoC was also produced and is public. Patches are now available and proposed to Linus. This may not simply be information disclosure, but containerized environments may through chroot and mount namespaces mask directory structures as read-only or inaccessible via the use of bind-mounts. Such read-only masking may be circumvented by this vulnerability on systems where these directories are not otherwise protected by MAC (i.e. SELinux or AppArmor). Regards, Eric Windisch  https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs  http://www.spinics.net/lists/linux-containers/msg30786.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ