path: root/retired/CVE-2015-8709

Description: privileged process entering userns can be ptraced by userns owner
References:
 https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1527374
 https://lkml.org/lkml/2015/12/25/71
Notes:
 bwh> CVE requested at http://www.openwall.com/lists/oss-security/2015/12/17/12
 bwh> This was initially rejected as an upstream kernel bug, but I believe it
 bwh> was eventually fixed upstream as noted below.
 bwh> Dependencies:
 bwh> 3dfb7d8cdbc7 security: let security modules use PTRACE_MODE_* with bitmasks
 bwh> caaee6234d05 ptrace: use fsuid, fsgid, effective creds for fs access checks
 bwh> Related:
 bwh> 64b875f7ac8a ptrace: Capture the ptracer's creds not PT_PTRACE_CAP
 bwh> 84d77d3f06e7 ptrace: Don't allow accessing an undumpable mm
 bwh> f84df2a6f268 exec: Ensure mm->user_ns contains the execed files
 bwh> 613cc2b6f272 fs: exec: apply CLOEXEC before changing dumpable task flags
Bugs:
upstream: released (4.10-rc1) [bfedb589252c01fa505ac9f6f2a3d5d68d707ef4]
4.9-upstream-stable: released (4.9.1) [694a95fa6dae4991f16cda333d897ea063021fed]
3.16-upstream-stable: released (3.16.52) [d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12]
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.3.3-3) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
4.9-stretch-security: N/A "Fixed before branching point"
3.16-jessie-security: released (3.16.7-ckt20-1+deb8u2) [bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch]
3.2-wheezy-security: N/A "Vulnerable code not present"