Re: [PATCH v6 0/3] implement OA2_CRED_INHERIT flag for openat2()

From: stsp
Date: Tue May 07 2024 - 05:03:26 EST

Next message: Oscar Salvador: "Re: [PATCH 1/3] mm/memory-failure: try to send SIGBUS even if unmap failed"
Previous message: Jiaxun Yang: "[PATCH 5/5] MIPS: cm: Probe GCR address from DeviceTree"
In reply to: Aleksa Sarai: "Re: [PATCH v6 0/3] implement OA2_CRED_INHERIT flag for openat2()"
Next in thread: Aleksa Sarai: "Re: [PATCH v6 0/3] implement OA2_CRED_INHERIT flag for openat2()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

07.05.2024 10:50, Aleksa Sarai пишет:

If you are a privileged process which plans to change users,

Not privileged at all.
But I think what you say is still possible
with userns?

A new attack I just thought of while writing this mail is that because
there is no RESOLVE_NO_XDEV requirement, it should be possible for the
process to get an arbitrary write primitive by creating a new
userns+mountns and then bind-mounting / underneath the directory.

Doesn't this need a write perm to a
directory? In his case this is not a threat,
because you are not supposed to have a
write perm to that dir. OA2_CRED_INHERIT
is the only way to write.

Next message: Oscar Salvador: "Re: [PATCH 1/3] mm/memory-failure: try to send SIGBUS even if unmap failed"
Previous message: Jiaxun Yang: "[PATCH 5/5] MIPS: cm: Probe GCR address from DeviceTree"
In reply to: Aleksa Sarai: "Re: [PATCH v6 0/3] implement OA2_CRED_INHERIT flag for openat2()"
Next in thread: Aleksa Sarai: "Re: [PATCH v6 0/3] implement OA2_CRED_INHERIT flag for openat2()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]