On Thu, May 01, 2014 at 04:57:13PM -0700, Andy Lutomirski wrote:
> Suppose I bind-mount /usr into a private namespace with
> nosuid,nodev,ro. How can you use it to attack anything? The only
> thing I've thought of is to open fifos and connect to sockets. I'm
> assuming that there's a pid namesp
On Thu, May 1, 2014 at 4:51 PM, Al Viro wrote:
> On Thu, May 01, 2014 at 04:00:49PM -0700, Andy Lutomirski wrote:
>> On Thu, May 1, 2014 at 3:34 PM, Al Viro wrote:
>> > On Thu, May 01, 2014 at 03:20:00PM -0700, Andy Lutomirski wrote:
>> >> Is it supposed to work?
>> >
>> > Why the hell not? Same
On Thu, May 01, 2014 at 04:00:49PM -0700, Andy Lutomirski wrote:
> On Thu, May 1, 2014 at 3:34 PM, Al Viro wrote:
> > On Thu, May 01, 2014 at 03:20:00PM -0700, Andy Lutomirski wrote:
> >> Is it supposed to work?
> >
> > Why the hell not? Same as opening a device node on r/o filesystem for
> > wri
On Thu, May 1, 2014 at 3:34 PM, Al Viro wrote:
> On Thu, May 01, 2014 at 03:20:00PM -0700, Andy Lutomirski wrote:
>> Is it supposed to work?
>
> Why the hell not? Same as opening a device node on r/o filesystem for
> write, or doing the same with FIFO.
You can't bind a socket on a read-only fs,
On Thu, May 01, 2014 at 03:20:00PM -0700, Andy Lutomirski wrote:
> Is it supposed to work?
Why the hell not? Same as opening a device node on r/o filesystem for
write, or doing the same with FIFO.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message
Is it supposed to work? It does, but this seems odd. If the current
behavior is intentional, then I'll submit a patch to add a new mount
flag to turn off ipc. If it's not, then I'll submit a patch to fix
it.
--
Andy Lutomirski
AMA Capital Management, LLC