Re: [ 109/171 ] userns: Dont allow creation if the user is chrooted

[Luis Henriques]

On Tue, Oct 22, 2013 at 10:45:45AM -0700, Eric W. Biederman wrote:
> Luis Henriques <luis.henriques@xxxxxxxxxxxxx> writes:
> 
> > On Thu, Apr 11, 2013 at 04:26:52PM -0400, Steven Rostedt wrote:
> >> 3.6.11.2 stable review patch.
> >> If anyone has any objections, please let me know.
> >> 
> >> ------------------
> >> 
> >> From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> >> 
> >> [ Upstream commit 3151527ee007b73a0ebd296010f1c0454a919c7d ]
> >
> > While looking at some security bugs, I came across this one
> > (CVE-2013-1956).  All the references I could find refer to the 3.8
> > kernel only, and this was the only backport I could find to older
> > stable kernels.
> >
> > Could someone clarify if this fix should be included in other stable
> > kernels?  Or the only affected kernels were the 3.8.0 to 3.8.5?
> 
> Strictly speaking there are older kernels affected.  I think it was 3.5
> that had my earliest user namespace bits, and this bug came in with the
> first of those bits.  However prior to 3.8 simply not enough things were
> converted for most people to build a kernel with user namespaces
> enabled.  I don't think distro's will have user namespaces enabled prior
> to 3.12 as that is when xfs the last hold out was finally converted.
> 
> Eric

That makes perfect sense to me.  Thanks a lot for the clarification,
Eric.

Cheers,
--
Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/