Date: Thu, 9 Nov 2017 10:14:22 -0600 From: "Serge E. Hallyn" <serge@...lyn.com> To: Mahesh Bandewar (महेश बंडेवार) <maheshb@...gle.com> Cc: "Serge E. Hallyn" <serge@...lyn.com>, Christian Brauner <christian.brauner@...onical.com>, Boris Lukashev <blukashev@...pervictus.com>, Daniel Micay <danielmicay@...il.com>, Mahesh Bandewar <mahesh@...dewar.net>, LKML <linux-kernel@...r.kernel.org>, Netdev <netdev@...r.kernel.org>, Kernel-hardening <kernel-hardening@...ts.openwall.com>, Linux API <linux-api@...r.kernel.org>, Kees Cook <keescook@...omium.org>, "Eric W . Biederman" <ebiederm@...ssion.com>, Eric Dumazet <edumazet@...gle.com>, David Miller <davem@...emloft.net> Subject: Re: Re: [PATCH resend 2/2] userns: control capabilities of some user namespaces Quoting Mahesh Bandewar (महेश बंडेवार) (maheshb@...gle.com): > Of course. Let's take an example of the CVE that I have mentioned in > my cover-letter - > CVE-2017-7308(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7308). > It's well documented and even has a > exploit(https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308) > c-program that can demonstrate how it can be used against non-patched > kernel. There is very nice blog > post(https://googleprojectzero.blogspot.kr/2017/05/exploiting-linux-kernel-via-packet.html) > about this vulnerability by Andrey Konovalov. Ok, thanks. It's a good example because the fix for this CVE actually came by itself (http://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/tree/debian.master/changelog). Normally multiple CVEs come at the same time, which would make a workaround for one now helpful. This is a good counter-example. I'm going to maintain that I really don't like this. But it looks useful, so ack on the concept, I'll just have to look again at the code now. Thanks for indulging me. -serge
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.