Eric Van Hensbergen wrote: > Somewhat related question for Viro/the group: > > Why is CLONE_NEWNS considered a priveledged operation? Would placing > limits on the number of private namespaces a user can own solve any > resource concerns or is there something more nefarious I'm missing? > - > To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html >
Likely because its a chroot vulnerability. It allows a process to obtain a reference to the root vfsmount that doesn't have chroot checks performed on it. Consider the following pseudo example: main(): chdir("/"); fd = open(".", O_RDONLY); clone(cloned_func, cloned_stack, CLONE_NEWNS, NULL); cloned_func: fchdir(fd); chdir(".."); if main is run within a chroot where it's "/" is on the same vfsmount as it's "..", then the application can step out of the chroot using clone(2). Note: using chdir in a vfsmount outside of your namespace works, however you won't be able to walk off that vfsmount (to its parent or children). Mike Waychison - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/