Re: [kernel-hardening] Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled

2016-01-24 Thread Andy Lutomirski
On Sun, Jan 24, 2016 at 12:59 PM, Kees Cook wrote:
> On Fri, Jan 22, 2016 at 4:59 PM, Ben Hutchings wrote:
>> On Fri, 2016-01-22 at 15:00 -0800, Kees Cook wrote:
>>> On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote:
>>> >

Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

2016-01-24 Thread Andy Lutomirski
On Fri, Jan 22, 2016 at 7:02 PM, Eric W. Biederman wrote:
> Kees Cook writes:
>
>> There continues to be unexpected side-effects and security exposures
>> via CLONE_NEWUSER. For many end-users running distro kernels with
>> CONFIG_USER_NS enabled,

Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

2016-01-24 Thread Kees Cook
On Fri, Jan 22, 2016 at 7:02 PM, Eric W. Biederman wrote:
> Kees Cook writes:
>
>> There continues to be unexpected side-effects and security exposures
>> via CLONE_NEWUSER. For many end-users running distro kernels with
>> CONFIG_USER_NS enabled,

Re: [kernel-hardening] Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled

2016-01-24 Thread Kees Cook
On Fri, Jan 22, 2016 at 4:59 PM, Ben Hutchings wrote:
> On Fri, 2016-01-22 at 15:00 -0800, Kees Cook wrote:
>> On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote:
>> > 2016-01-22 23:50 GMT+01:00 Kees Cook :
>> >
>> > > > Seems