Woops! Forgot to attach.

sf...@users.sourceforge.net:
>
> Hello all,
>
> Have you heard about the latest overlayfs security problem?
>
> http://www.halfdog.net/Security/2015/UserNamespaceOverlayfsSetuidWriteExec/
>
> The problem is already fixed in mainline.
> I am afraid that aufs might have a similar problem, particularly when the
> module parameter 'allow_userns' is set to 1. Actually I've tried
> reproducing the problem on my test pc, but failed. I am afraid I don't
> understand the detail yet.
>
> If you can (anyone in this ML), please try reproducing the problem.
> Because this is a security problem and I really want to make
> sure, I'd like to ask for help from users. If you have some time to try,
> please do it and report the result to this ML.
>
> 1. get the test-program UserNamespaceOverlayfsSetuidWriteExec.c from the
>    above URL.
> 2. reproduce the problem by overlayfs (without modifying the TP)
> 3. modify the TP in order to use aufs (like the patch attached).
> 4. try reproducing the problem by aufs with two cases,
>    + allow_userns=1
>    + allow_userns=0
> 5. report the result to this ML.
>
>
> Thank you
> J. R. Okajima
a.patch.bz2
Description: BZip2 compressed data