On Fri, 2015-10-02 at 11:01 -0500, Eric W. Biederman wrote:
[...]
> Having thought about this I definitely think we need this on older
> kernels. I am aware of at least one piece of software that predates
> 2.6.32 and is vulnerable to this escape.
>
> The software in all innocence bind mounted a user's /home directory into
> a root filesystem that was stored in the user's /home directory. That
> is enough to allow the escape with a simple unprivileged rename.
>
> So since this is actually exploitable on real userspace software that
> predates 2.6.32 I think this fix needs to be backported, as it is not
> a theoretical issue.

Thanks for the explanation. I'll review and test the patches for 2.6.32
and 3.2 in a while.

Ben.

--
Ben Hutchings
compatible: Gracefully accepts erroneous data from any source