Re: Patch "mnt: Prevent pivot_root from creating a loop in the mount tree" (CVE-2014-7970) is missing in 3.2 stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ben Hutchings <ben@xxxxxxxxxxxxxxx> writes:

> On Wed, 2016-11-23 at 03:04 +0100, Thomas Deutschmann wrote:
>> Hi,
>> 
>> the following patch was backported to the following LTS kernels
>> 
>> - >=3.16.35
>> - >=3.12.33
>> - >=3.10.60
>> - >=3.4.106
>> 
>> 
>> however it is missing from LTS kernels
>> 
>> - linux-3.2
> [...]
>
> pivot_root() is only available with CAP_SYS_ADMIN, and 3.2 doesn't
> support capabilities in user namespaces.  So I don't believe this has
> any security impact.

Agreed.  It will prevent root shooting themselves in the foot, in a way
that should never have been allowed.

There is no danger of an unprivileged user triggering this.

If the patch applies cleanly to 3.2 it won't hurt and may help.   But
for 3.2 it would be just an ordinary bug fix.

Eric




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]