Re: Keyrings, user namespaces and the user_struct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Jann Horn <jann@xxxxxxxxx>
Subject: Re: Keyrings, user namespaces and the user_struct
From: David Howells <dhowells@xxxxxxxxxx>
Date: Wed, 26 Oct 2016 15:48:58 +0100
Cc: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>, Linux Containers <containers@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Eric Paris <eparis@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, dhowells@xxxxxxxxxx, LSM List <linux-security-module@xxxxxxxxxxxxxxx>, keyrings@xxxxxxxxxxxxxxx, "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>, simo@xxxxxxxxxx
In-reply-to: <20161026143856.GL3334@pc.thejh.net>
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903
References: <20161026143856.GL3334@pc.thejh.net> <CALCETrU0PqNYmWx70pugkhj-kAD5DSzSi3swhK+v12WMYZYUZA@mail.gmail.com> <17576.1477412418@warthog.procyon.org.uk> <18335.1477414412@warthog.procyon.org.uk> <1477414605.3079.40.camel@HansenPartnership.com> <20161025170602.GB24481@laptop.thejh.net> <1477418708.3079.52.camel@HansenPartnership.com> <20161025181735.GC24481@laptop.thejh.net> <9243.1477492490@warthog.procyon.org.uk>

Jann Horn <jann@xxxxxxxxx> wrote:

> find_keyring_by_name() checks that the UID of the keyring's owner is mapped into
> the current user namespace. But that doesn't catch the scenario I described:
> The keyring is created in an attacker-created namespace and looked up from the
> init namespace, into which all kuids are mapped.

Ah - gotcha.

David
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers

Follow-Ups:
- Re: Keyrings, user namespaces and the user_struct
  - From: David Howells
- Re: Keyrings, user namespaces and the user_struct
  - From: David Howells
- Re: Keyrings, user namespaces and the user_struct
  - From: Eric W. Biederman

References:
- Re: Keyrings, user namespaces and the user_struct
  - From: Jann Horn
- Re: Keyrings, user namespaces and the user_struct
  - From: Andy Lutomirski
- Keyrings, user namespaces and the user_struct
  - From: David Howells
- Re: Keyrings, user namespaces and the user_struct
  - From: David Howells
- Re: Keyrings, user namespaces and the user_struct
  - From: James Bottomley
- Re: Keyrings, user namespaces and the user_struct
  - From: Jann Horn
- Re: Keyrings, user namespaces and the user_struct
  - From: James Bottomley
- Re: Keyrings, user namespaces and the user_struct
  - From: Jann Horn
- Re: Keyrings, user namespaces and the user_struct
  - From: David Howells

Prev by Date: Re: Keyrings, user namespaces and the user_struct
Next by Date: Re: [RFC PATCH] rlimit: Account nproc per-usernamespace/per-user
Previous by thread: Re: Keyrings, user namespaces and the user_struct
Next by thread: Re: Keyrings, user namespaces and the user_struct
Index(es):
- Date
- Thread

[Index of Archives] [Cgroups] [Netdev] [Linux Wireless] [Kernel Newbies] [Security] [Linux for Hams] [Netfilter] [Bugtraq] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux RAID] [Linux Admin] [Samba]