Hi, cool stuff :)
Good news is that only a user with CAP_SYS_ADMIN in the initial user namespace can trigger this.
https://github.com/torvalds/linux/blob/07d9df80082b8d1f37e05658371b087cb6738770/mm/madvise.c#L1448

In an unprivileged (default) container you'll get (from strace):

=======================================================
arch_prctl(ARCH_SET_FS, 0x7f75b34a4740) = 0
set_tid_address(0x7f75b34a4a10) = 2291
set_robust_list(0x7f75b34a4a20, 24) = 0
rseq(0x7f75b34a50e0, 0x20, 0, 0x53053053) = 0
mprotect(0x7f75b3416000, 16384, PROT_READ) = 0
mprotect(0x564c46c7a000, 4096, PROT_READ) = 0
mprotect(0x7f75b34ef000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7f75b34a7000, 21712) = 0
madvise(0x7f75b34b5000, 4096, MADV_HWPOISON) = -1 EPERM (Operation not permitted)
exit_group(0) = ?
+++ exited with 0 +++
=======================================================

> It can also be run inside a root container, for example inside lxd, and this causes outside-of-container userspace breakage too.

By "root container" you mean security.privileged=true? It is the same as root on the host, basically.

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2121542

Title:
  MADV_HWPOISON on vdso is pretty dire, can be done within a container for system denial of service attack

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2121542/+subscriptions

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
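The following is an added example, not code from the bug report, from the reporter, or from the kernel or Ubuntu projects. It is a small C probe (hypothetical name hwpoison_probe.c) that reproduces the check the comment above points at: it reads the CapEff mask from /proc/self/status to see whether the process holds CAP_SYS_ADMIN at all, then tries MADV_HWPOISON on one private anonymous page of its own (never the vDSO, so a success only costs the calling process one page frame) and reports the errno. The function names, the /proc parsing and the constructed CapEff strings are assumptions of this example. Note that CapEff alone is necessary but not sufficient: the kernel's check is capable(CAP_SYS_ADMIN), i.e. the capability must be held in the initial user namespace, so root inside a user-namespaced container shows the bit in CapEff and still gets EPERM, exactly as in the strace output above.

```c
/* hwpoison_probe.c (added example, not from the bug report).
 * Build: cc -O2 -o hwpoison_probe hwpoison_probe.c
 * Assumes a Linux kernel with CONFIG_MEMORY_FAILURE (otherwise EINVAL). */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef CAP_SYS_ADMIN
#define CAP_SYS_ADMIN 21   /* bit number from <linux/capability.h> */
#endif

/* Return 1 if capability bit `cap` is set in the CapEff line of a
 * /proc/<pid>/status text, 0 if clear, -1 if there is no CapEff line.
 * Only looks at lines that start with "CapEff:". */
int cap_in_status(const char *status, int cap)
{
    const char *p = status;
    while ((p = strstr(p, "CapEff:")) != NULL) {
        if (p == status || p[-1] == '\n') {
            /* strtoull skips the tab and parses the hex mask */
            uint64_t mask = strtoull(p + strlen("CapEff:"), NULL, 16);
            return (int)((mask >> cap) & 1);
        }
        p += strlen("CapEff:");
    }
    return -1;
}

/* CAP_SYS_ADMIN in the caller's effective set, as seen in its own user
 * namespace. This is NOT the kernel's check for MADV_HWPOISON, which is
 * capable(CAP_SYS_ADMIN) against the initial user namespace. */
int self_has_sys_admin(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return cap_in_status(buf, CAP_SYS_ADMIN);
}

/* Try MADV_HWPOISON on one freshly mapped, written-to private anonymous
 * page. Returns 0 on success, the errno on failure, -1 if mmap failed.
 * On success the kernel unmaps the page and takes the frame offline until
 * reboot; in the default late-kill mode the process is only SIGBUSed if it
 * touches the page again, so it must not be accessed after the call. */
int hwpoison_probe(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    ((volatile char *)p)[0] = 1;          /* fault in a real, non-zero page */
    int rc = madvise(p, (size_t)pg, MADV_HWPOISON);
    int err = rc == 0 ? 0 : errno;
    munmap(p, (size_t)pg);                /* safe: no further access to p */
    return err;
}

int main(void)
{
    int cap = self_has_sys_admin();
    printf("CAP_SYS_ADMIN in CapEff: %s\n",
           cap == 1 ? "yes" : cap == 0 ? "no" : "unknown");
    int err = hwpoison_probe();
    if (err == 0)
        printf("madvise(MADV_HWPOISON) succeeded: one page frame is offline until reboot\n");
    else if (err == EPERM)
        printf("madvise(MADV_HWPOISON): EPERM (no CAP_SYS_ADMIN in the initial user namespace)\n");
    else if (err == EINVAL)
        printf("madvise(MADV_HWPOISON): EINVAL (kernel without CONFIG_MEMORY_FAILURE?)\n");
    else
        printf("madvise(MADV_HWPOISON): %s\n", strerror(err));
    return 0;
}
```

Run it in an unprivileged container and it should print "no" plus EPERM, matching the strace above; run it as root in a security.privileged=true LXD container or directly on the host and the madvise succeeds, which is the same privilege the bug report's vDSO case needs.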
