blob: 826be1c6b817b162c6c08cb934e6ccc16bd46f81 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: incorrect unprivileged overlayfs permission checking
References:
https://www.openwall.com/lists/oss-security/2020/10/13/6
Notes:
carnil> Additionally to the three fixing commits
carnil> 130fdbc3d1f9966dd4230709c30f3768bccd3065 ("ovl: pass correct
carnil> flags for opening real directory") and
carnil> 292f902a40c11f043a5ca1305a114da0e523eaa3 ("ovl: call secutiry
carnil> hook in ovl_real_ioctl()") might be wanted (see oss-security
carnil> post).
carnil> Only exploitable when unprivileged user namespaces are enabled.
Bugs:
upstream: released (5.8-rc1) [48bd024b8a40d73ad6b086de2615738da0c7004f, 56230d956739b9cb1cbde439d76227d77979a04d, 05acefb4872dae89e772729efb194af754c877e8]
4.19-upstream-stable:
4.9-upstream-stable:
sid:
4.19-buster-security:
4.9-stretch-security:
|
