Date: Mon, 28 Dec 2015 07:44:39 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: Linux kernel: privilege escalation in user namespaces Hi, On Thu, Dec 17, 2015 at 02:39:58PM -0800, John Johansen wrote: > Hi, > > I haven't seen CVE request for this one yet so, > > Jann Horn reported a privilege escalation in user namespaces to the > lkml mailing list > > https://lkml.org/lkml/2015/12/12/259 > > if a root-owned process wants to enter a user > namespace for some reason without knowing who owns it and > therefore can't change to the namespace owner's uid and gid > before entering, as soon as it has entered the namespace, > the namespace owner can attach to it via ptrace and thereby > gain access to its uid and gid. FTR: There is an iteration to the initial patch, submitted further down in the thread: https://lkml.org/lkml/2015/12/25/71 but it is not yet merged in Linus tree. @MITRE CVE assignment team: Can a CVE be assigned or is something more needed here? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ