Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes:

> On Tue, Oct 7, 2014 at 2:42 PM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>>
>> I am squinting and looking this way and that but while I can imagine
>> someone more clever than I can think up some unique property of rootfs
>> that makes it a little more exploitable than just mounting a ramfs,
>> but since you have to be root to exploit those properties I think the
>> game is pretty much lost.
>
> Yes. rootfs might not be empty, it might have totally insane
> permissions, and it's globally shared, which makes it into a wonderful
> channel to pass things around that shouldn't be passed around.

But if only root with proc mounted can reach it... I don't know. There
might be a case for setting MNT_LOCKED when we overmount "/" as root but
I don't yet see it.

> Can non-root do this? You'd need to be in a userns with a "/" that
> isn't MNT_LOCKED. Can this happen on any normal setup?
>
> FWIW, I think we should unconditionally MNT_LOCKED the root on userns
> unshare, even if it's the only mount.

To the best of my knowledge MNT_LOCKED is set unconditionally on userns
unshare.

Eric