On 04/13/2013 07:16 PM, Andy Lutomirski wrote:
I previously reported these bugs privatley. I'm summarizing them for the historical record. These bugs were never exploitable on a default-configured released kernel, but some 3.8 versions are vulnerable depending on configuration.
Looking at this list, is there some way to restrict this new functionality to, say, membership in a certain group? At present, most system users (daemons) do not need this functionality, so it would make sense to restrict access to it.
Or is the expectation that we disable CONFIG_USER_NS until things stabilize further?
-- Florian Weimer / Red Hat Product Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
