*** This bug is a security vulnerability ***

Public security bug reported:

Please find a way to stop
https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo/blob/main/aa-rootns.c
from working.

See also https://bugs.launchpad.net/ubuntu/+source/kmod/+bug/2151831 but
the apparmor_restrict_unprivileged_userns bypass is separate from the
copy.fail or dirty frag vulnerabilities.

This doesn't affect me because I disabled that sysctl to make unshare
work, but a fix would reduce the attack surface for others. If a fix
isn't readily available, then please disable that sysctl to reduce
inconvenience and the illusion of security.

** Affects: apparmor
     Importance: Undecided
         Status: New

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2151842

Title:
  aa-rootns.c bypasses apparmor_restrict_unprivileged_userns

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2151842/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
