On Sat, Oct 03, 2015 at 02:48:03AM +0100, Ben Hutchings wrote:
> On Fri, 2015-10-02 at 11:01 -0500, Eric W. Biederman wrote:
> [...]
> > Having thought about this I definitely think we need this on older
> > kernels. I am aware of at least one piece of software that predates
> > 2.6.32 is vulnerable to this escape.
> >
> > The software in all innocence bind mounted a user's /home directory into
> > a root filesystem that was stored in the user's /home directory. That
> > is enough to allow the escape with a simple unprivileged rename.
> >
> > So since this is actually exploitable on real userspace software that
> > predates 2.6.32 I think this fix needs to be backported, as it is not
> > a theoretical issue.
>
> Thanks for the explanation. I'll review and test the patches for
> 2.6.32 and 3.2 in a while.

Thanks as well.

Willy
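
A check for the mount layout described in the quoted message (a bind mount whose target sits inside its own source directory), as an added example that is not part of the thread or of any kernel patch. It reads text in `/proc/self/mountinfo` format; the sample lines and function names are constructed for illustration, and it assumes the source can be resolved through a whole-filesystem mount of the same device.

```python
import posixpath

# Constructed sample in /proc/self/mountinfo format (not from a real host).
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
22 21 8:2 / /home rw,relatime - ext4 /dev/sda2 rw
40 22 8:2 /alice /home/alice/rootfs/home/alice rw,relatime - ext4 /dev/sda2 rw
41 21 8:1 /var/cache /srv/build/cache rw,relatime - ext4 /dev/sda1 rw
"""

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def parse_mountinfo(text):
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "-" not in fields:
            continue  # not a well-formed mountinfo line
        mounts.append({"dev": fields[2],                  # major:minor
                       "root": _unescape(fields[3]),      # path inside the filesystem
                       "mount_point": _unescape(fields[4])})
    return mounts

def _is_inside(path, ancestor):
    path, ancestor = posixpath.normpath(path), posixpath.normpath(ancestor)
    if ancestor == "/":
        return path != "/"
    return path.startswith(ancestor + "/")

def self_nested_bind_mounts(text):
    """Return (source, mount_point) pairs where the bind target lies in its source."""
    mounts = parse_mountinfo(text)
    whole_fs = {}  # device -> where the filesystem's own root is mounted
    for m in mounts:
        if m["root"] == "/":
            whole_fs.setdefault(m["dev"], m["mount_point"])
    findings = []
    for m in mounts:
        base = whole_fs.get(m["dev"])
        if m["root"] == "/" or base is None:
            continue  # not a subdirectory bind, or source path not resolvable
        source = posixpath.normpath(posixpath.join(base, m["root"].lstrip("/")))
        if _is_inside(m["mount_point"], source):
            findings.append((source, m["mount_point"]))
    return findings
```

On a live system the input would be the contents of `/proc/self/mountinfo`; a finding means the directory tree holding the root filesystem is itself reachable through the bind mount.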