Hi Helge,

On 1/22/23 20:31, Helge Kreutzmann wrote:

Without further ado, the following was found:

Issue 1: I</proc/ pid /setgroups> → I</proc/>pidI</setgroups>
Issue 2: I</proc/ pid /gid_map> → I</proc/>pidI</gid_map>
Issue 3: I</proc/ pid /gid_map> → I</proc/>pidI</gid_map>

"Writing \"I<deny>\" to the I</proc/ pid /setgroups> file before writing to"
"I</proc/ pid /gid_map> will permanently disable B<setgroups>(2) in a user"
"namespace and allow writing to I</proc/ pid /gid_map> without having the"
"B<CAP_SETGID> capability in the parent user namespace."
Fixed. Thanks, Alex commit d752f865c0355435519c41470ad4cf33ae8557ae (HEAD -> master) Author: Alejandro Colomar <alx@xxxxxxxxxx> Date: Sun Jan 22 22:15:17 2023 +0100 user_namespaces.7: ffix Reported-by: Helge Kreutzmann <debian@xxxxxxxxxxxxx> Cc: Mario Blaettermann <mario.blaettermann@xxxxxxxxx> Signed-off-by: Alejandro Colomar <alx@xxxxxxxxxx> diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 index 838c09278..73d8a4eb8 100644 --- a/man7/user_namespaces.7 +++ b/man7/user_namespaces.7@@ -722,9 +722,9 @@ .SS Interaction with system calls that change process UIDs or GIDs
Writing .RI \(dq deny \(dq to the -.I /proc/ pid /setgroups +.IR /proc/ pid /setgroups file before writing to -.I /proc/ pid /gid_map +.IR /proc/ pid /gid_map .\" Things changed in Linux 3.19 .\" commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8 .\" commit 66d2f338ee4c449396b6f99f5e75cd18eb6df272@@ -732,14 +732,14 @@ .SS Interaction with system calls that change process UIDs or GIDs
will permanently disable .BR setgroups (2) in a user namespace and allow writing to -.I /proc/ pid /gid_map +.IR /proc/ pid /gid_map without having the .B CAP_SETGID capability in the parent user namespace. .\" .\" ============================================================ .\" -.SS The /proc/ pid /setgroups file +.SS The /proc/\fIpid\fP/setgroups file .\" .\" commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8 .\" commit 66d2f338ee4c449396b6f99f5e75cd18eb6df272 @@ -839,7 +839,7 @@ .SS The /proc/ pid /setgroups file this user namespace. .PP The -.I /proc/ pid /setgroups +.IR /proc/ pid /setgroups file was added in Linux 3.19, but was backported to many earlier stable kernel series, because it addresses a security issue. -- <http://www.alejandro-colomar.es/>
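Review bot: the `.I` to `.IR` switch in the @@ -722 hunk is the right fix for the spacing Helge saw: `.I` sets all of its arguments in italic joined by spaces, so `.I /proc/ pid /setgroups` renders (and po4a extracts) as `/proc/ pid /setgroups`, whereas `.IR` concatenates its arguments. One side effect to decide on: `.IR` alternates italic and roman, so `pid` now comes out in roman while `/proc/` and `/setgroups` stay italic; if the placeholder is meant to share the path's italic face, that should be said in the commit message or handled with an inline font escape instead.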
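Review bot: the `.SS` line in the @@ -732 hunk is correctly changed with inline escapes, since `.SS` takes the rest of the line as heading text and the two-font macros cannot be used there, but the outcome is that `pid` is italic in the heading (`.SS The /proc/\fIpid\fP/setgroups file`) while `.IR /proc/ pid /gid_map` a few lines above renders it in roman; worth picking one treatment for the placeholder so heading and body match.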
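Review bot: the @@ -839 hunk fixes an occurrence that Helge's three msgids did not list, which suggests the report was not exhaustive; a `grep -n '^\.I /proc/ ' man7/user_namespaces.7` before merging would confirm no other multi-argument `.I` pathnames remain in the page, since each one will produce the same spaced rendering.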