Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Dec 2015 07:44:39 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux kernel: privilege escalation
 in user namespaces

Hi,

On Thu, Dec 17, 2015 at 02:39:58PM -0800, John Johansen wrote:
> Hi,
> 
> I haven't seen CVE request for this one yet so,
> 
> Jann Horn reported a privilege escalation in user namespaces to the
> lkml mailing list
> 
> https://lkml.org/lkml/2015/12/12/259
> 
> if a root-owned process wants to enter a user
> namespace for some reason without knowing who owns it and
> therefore can't change to the namespace owner's uid and gid
> before entering, as soon as it has entered the namespace,
> the namespace owner can attach to it via ptrace and thereby
> gain access to its uid and gid.

FTR: There is an iteration to the initial patch, submitted further
down in the thread: https://lkml.org/lkml/2015/12/25/71 but it is not
yet merged in Linus tree.

@MITRE CVE assignment team: Can a CVE be assigned or is something more
needed here?

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ