Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <516D41C5.9080009@redhat.com>
Date: Tue, 16 Apr 2013 14:19:17 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
CC: Andy Lutomirski <luto@...capital.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: Summary of security bugs (now fixed) in user namespaces

On 04/13/2013 07:16 PM, Andy Lutomirski wrote:
> I previously reported these bugs privatley.  I'm summarizing them for
> the historical record.  These bugs were never exploitable on a
> default-configured released kernel, but some 3.8 versions are
> vulnerable depending on configuration.

Looking at this list, is there some way to restrict this new 
functionality to, say, membership in a certain group?  At present, most 
system users (daemons) do not need this functionality, so it would make 
sense to restrict access to it.

Or is the expectation that we disable CONFIG_USER_NS until things 
stabilize further?

-- 
Florian Weimer / Red Hat Product Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.