Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 Nov 2017 10:14:22 -0600
From: "Serge E. Hallyn" <>
To: Mahesh Bandewar (महेश बंडेवार) <>
Cc: "Serge E. Hallyn" <>,
	Christian Brauner <>,
	Boris Lukashev <>,
	Daniel Micay <>,
	Mahesh Bandewar <>,
	LKML <>,
	Netdev <>,
	Kernel-hardening <>,
	Linux API <>,
	Kees Cook <>,
	"Eric W . Biederman" <>,
	Eric Dumazet <>,
	David Miller <>
Subject: Re: Re: [PATCH resend 2/2] userns: control
 capabilities of some user namespaces

Quoting Mahesh Bandewar (महेश बंडेवार) (
> Of course. Let's take an example of the CVE that I have mentioned in
> my cover-letter -
> CVE-2017-7308(
> It's well documented and even has a
> exploit(
> c-program that can demonstrate how it can be used against non-patched
> kernel. There is very nice blog
> post(
> about this vulnerability by Andrey Konovalov.

Ok, thanks.  It's a good example because the fix for this CVE actually
came by itself (
Normally multiple CVEs come at the same time, which would make a
workaround for one now helpful.  This is a good counter-example.

I'm going to maintain that I really don't like this.  But it looks
useful, so ack on the concept, I'll just have to look again at the
code now.  Thanks for indulging me.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.