Re: CLONE_NEWUSER|CLONE_FS root exploit

2013-03-14 Thread Andy Lutomirski
On Thu, Mar 14, 2013 at 1:29 PM, Eric W. Biederman wrote:
> Andy Lutomirski writes:
>
>> On 03/13/2013 11:35 AM, Eric W. Biederman wrote:
>>> Kees Cook writes:
>>> Hi, It seems like we should block (at least) this combination. On 3.9, this exploit works once uidmapping is

Re: CLONE_NEWUSER|CLONE_FS root exploit

2013-03-14 Thread Eric W. Biederman
Andy Lutomirski writes:
> On 03/13/2013 11:35 AM, Eric W. Biederman wrote:
>> Kees Cook writes:
>>
>>> Hi,
>>>
>>> It seems like we should block (at least) this combination. On 3.9, this
>>> exploit works once uidmapping is added.
>>>
>>> http://www.openwall.com/lists/oss-security/2013/03/13/10

Re: CLONE_NEWUSER|CLONE_FS root exploit

2013-03-14 Thread Eric W. Biederman
Andy Lutomirski l...@amacapital.net writes: On 03/13/2013 11:35 AM, Eric W. Biederman wrote: Kees Cook keescook-f7+t8e8rja9g9huczpv...@public.gmane.org writes: Hi, It seems like we should block (at least) this combination. On 3.9, this exploit works once uidmapping is added.

Re: CLONE_NEWUSER|CLONE_FS root exploit

2013-03-14 Thread Andy Lutomirski
On Thu, Mar 14, 2013 at 1:29 PM, Eric W. Biederman ebied...@xmission.com wrote: Andy Lutomirski l...@amacapital.net writes: On 03/13/2013 11:35 AM, Eric W. Biederman wrote: Kees Cook keescook-f7+t8e8rja9g9huczpv...@public.gmane.org writes: Hi, It seems like we should block (at least) this

Re: CLONE_NEWUSER|CLONE_FS root exploit

2013-03-13 Thread Andy Lutomirski
On 03/13/2013 11:35 AM, Eric W. Biederman wrote:
> Kees Cook writes:
>
>> Hi,
>>
>> It seems like we should block (at least) this combination. On 3.9, this
>> exploit works once uidmapping is added.
>>
>> http://www.openwall.com/lists/oss-security/2013/03/13/10
>
> Yes. That is a bad

Re: CLONE_NEWUSER|CLONE_FS root exploit

2013-03-13 Thread Eric W. Biederman
Kees Cook writes:
> Hi,
>
> It seems like we should block (at least) this combination. On 3.9, this
> exploit works once uidmapping is added.
>
> http://www.openwall.com/lists/oss-security/2013/03/13/10

Yes. That is a bad combination. It lets chroot confuse privileged processes. Now to

CLONE_NEWUSER|CLONE_FS root exploit

2013-03-13 Thread Kees Cook
To: oss-secur...@lists.openwall.com
Subject: [oss-security] CLONE_NEWUSER|CLONE_FS root exploit
Envelope-To: k...@outflux.net
Hi,
Seems like CLONE_NEWUSER|CLONE_FS might be a forbidden combination. During evaluating the new user namespace thingie, it turned out that it's trivially exploitable

Re: CLONE_NEWUSER|CLONE_FS root exploit

2013-03-13 Thread Andy Lutomirski
On 03/13/2013 11:35 AM, Eric W. Biederman wrote: Kees Cook keescook-f7+t8e8rja9g9huczpv...@public.gmane.org writes: Hi, It seems like we should block (at least) this combination. On 3.9, this exploit works once uidmapping is added. http://www.openwall.com/lists/oss-security/2013/03/13/10

CLONE_NEWUSER|CLONE_FS root exploit

2013-03-13 Thread Kees Cook
: Sebastian Krahmer krah...@suse.de
To: oss-secur...@lists.openwall.com
Subject: [oss-security] CLONE_NEWUSER|CLONE_FS root exploit
Envelope-To: k...@outflux.net
Hi,
Seems like CLONE_NEWUSER|CLONE_FS might be a forbidden combination. During evaluating the new user namespace thingie, it turned out

Re: CLONE_NEWUSER|CLONE_FS root exploit

2013-03-13 Thread Eric W. Biederman
Kees Cook keesc...@chromium.org writes: Hi, It seems like we should block (at least) this combination. On 3.9, this exploit works once uidmapping is added. http://www.openwall.com/lists/oss-security/2013/03/13/10 Yes. That is a bad combination. It lets chroot confuse privileged