[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] [CVE-2021-3493] Ubuntu Linux kernel overlayfs fs caps privilege escalation
From:       Steve Beattie <steve.beattie () canonical ! com>
Date:       2021-04-16 15:04:50
Message-ID: 20210416150450.GC5315 () nxnw ! org
[Download RAW message or body]


On Fri, Apr 16, 2021 at 04:53:50PM +0200, Salvatore Bonaccorso wrote:
> Hi Steve,
> 
> On Thu, Apr 15, 2021 at 02:31:14PM -0700, Steve Beattie wrote:
> > Hello,
> > 
> > An independent security researcher reported via the SSD Secure
> > Disclosure program that the overlayfs stacking file system within the
> > Linux kernel as used within Ubuntu did not properly validate the
> > application of file capabilities against user namespaces.
> > 
> > This issue is likely Ubuntu specific, as Ubuntu carries a patch to
> > enable unprivileged overlayfs mounts. The combination of that patch
> > plus allowing unprivileged user namespaces by default in Ubuntu allows
> > an unprivileged attacker to gain elevated privileges.
> > 
> > A commit that addresses the issue was applied in the upstream kernel:
> > 
> >   7c03e2cda4a5 ("vfs: move cap_convert_nscap() call into vfs_setxattr()") (v5.10)
> 
> For completeness, this though was in v5.11-rc1 right?

Yes, sorry, thanks for the correction.

-- 
Steve Beattie
<sbeattie@ubuntu.com>

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]