On Thu, Oct 01, 2015 at 11:15:47AM -0500, Eric W. Biederman wrote:
>
> With a strategically placed rename bind mounts can be tricked into
> giving processes access to the entire filesystem instead of just a piece
> of it. This misfeature has existed since bind mounts were introduced
> into the kernel. This issue has been fixed in Linus's tree and below
> are my tested backports of the fixes to 4.2.1, 4.1.8, 3.18.21, 3.14.53,
> 3.12.48, 3.10.89, 3.4.109, 3.2.71, 2.6.32.68. All of the kernels
> currently listed as being active.
>
> The fixes backported are:
> cde93be45a8a90d8c264c776fab63487b5038a65 dcache: Handle escaped paths in prepend_path
> 397d425dc26da728396e66d392d5dcb8dac30c37 vfs: Test for and handle paths that are unreachable from their mnt_root
>
> As I backported the patches the logical work remained the same but the
> exact implementation details changed to fit in with the vfs present in
> the older kernels. Minor changes were needed for the backport to
> every kernel except 4.2.1.
>
> Please queue these changes for the appropriate stable trees.
>

Thank you, Eric. I'm queuing these for the 3.16 kernel as well (picking
the 3.18 backports).

Cheers,
--
Luís