Re: [PATCH] kernel: prevent submission of creds with higher privileges inside container

2018-09-14 Thread kbuild test robot
Hi Xin, Thank you for the patch! Yet something to improve: [auto build test ERROR on linus/master] [also build test ERROR on v4.19-rc3 next-20180913] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url:

Re: [PATCH] kernel: prevent submission of creds with higher privileges inside container

2018-09-14 Thread Jann Horn
On Fri, Sep 14, 2018 at 1:14 PM My Name <18650033...@163.com> wrote:
> Adversaries often attack the Linux kernel via using
> commit_creds(prepare_kernel_cred(0)) to submit ROOT
> credential for the purpose of privilege escalation.
> For processes inside the Linux container, the above
> approach

[PATCH] kernel: prevent submission of creds with higher privileges inside container

2018-09-14 Thread My Name
From: Xin Lin <18650033...@163.com> Adversaries often attack the Linux kernel via using commit_creds(prepare_kernel_cred(0)) to submit ROOT credential for the purpose of privilege escalation. For processes inside the Linux container, the above approach also works, because the container and the

Re: [PATCH] kernel: prevent submission of creds with higher privileges inside container

2018-09-14 Thread kbuild test robot
Hi Xin, Thank you for the patch! Yet something to improve: [auto build test ERROR on linus/master] [also build test ERROR on v4.19-rc3 next-20180913] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url:

[PATCH] kernel: prevent submission of creds with higher privileges inside container

2018-09-14 Thread My Name
From: Xin Lin <18650033...@163.com> Adversaries often attack the Linux kernel via using commit_creds(prepare_kernel_cred(0)) to submit ROOT credential for the purpose of privilege escalation. For processes inside the Linux container, the above approach also works, because the container and the

[PATCH] kernel: prevent submission of creds with higher privileges inside container

2018-09-12 Thread My Name
From: Xin Lin <18650033...@163.com> Adversaries often attack the Linux kernel via using commit_creds(prepare_kernel_cred(0)) to submit ROOT credential for the purpose of privilege escalation. For processes inside the Linux container, the above approach also works, because the container and the

[PATCH] kernel: prevent submission of creds with higher privileges inside container

2018-09-11 Thread My Name
From: Xin Lin <18650033...@163.com> Adversaries often attack the Linux kernel via using commit_creds(prepare_kernel_cred(0)) to submit ROOT credential for the purpose of privilege escalation. For processes inside the Linux container, the above approach also works, because the container and the

Re: [PATCH] kernel: prevent submission of creds with higher privileges inside container

2018-09-11 Thread kbuild test robot
Hi Xin, Thank you for the patch! Yet something to improve: [auto build test ERROR on linus/master] [also build test ERROR on v4.19-rc3 next-20180910] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url:

Re: [PATCH] kernel: prevent submission of creds with higher privileges inside container

2018-09-11 Thread kbuild test robot
Hi Xin, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on linus/master] [also build test WARNING on v4.19-rc3 next-20180910] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url:

[PATCH] kernel: prevent submission of creds with higher privileges inside container

2018-09-10 Thread My Name
From: Xin Lin <18650033...@163.com> Adversaries often attack the Linux kernel via using commit_creds(prepare_kernel_cred(0)) to submit ROOT credential for the purpose of privilege escalation. For processes inside the Linux container, the above approach also works, because the container and the