The rearranging done for user ns has resulted in allowing arbitrary kernel module loading[1] (i.e. re-introducing a form of CVE-2011-1019) by what is assumed to be an unprivileged process.
At present, it does look to require at least CAP_SETUID along the way to set up the uidmap (but things like the setuid helper newuidmap might soon start providing such a thing by default).

It might be worth examining GRKERNSEC_MODHARDEN in grsecurity, which examines module symbols to verify that request_module() for a filesystem only loads a module that defines "register_filesystem" (among other things).

-Kees

[1] https://twitter.com/grsecurity/status/307473816672665600

--
Kees Cook
Chrome OS Security
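Added example (not part of the mail above and not grsecurity's code): the symbol check the mail describes, expressed as a userspace inspector for a little-endian ELF64 module object. It assumes a filesystem module references register_filesystem as an imported (undefined) symbol; the function names and the sample objects are constructed for illustration.

```python
import struct

FS_SYMBOL = "register_filesystem"   # symbol named in the mail
SHDR = "<IIQQQQIIQQ"                # Elf64_Shdr layout
SYM = "<IBBHQQ"                     # Elf64_Sym layout

def undefined_symbols(ko: bytes) -> set:
    """Names a module object imports (SHN_UNDEF entries of its .symtab)."""
    if ko[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 object")
    shoff, = struct.unpack_from("<Q", ko, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", ko, 0x3A)
    names = set()
    for i in range(shnum):
        sh = struct.unpack_from(SHDR, ko, shoff + i * shentsize)
        if sh[1] != 2:              # only SHT_SYMTAB sections
            continue
        # sh_link of a symbol table is the index of its string table
        str_off = struct.unpack_from(SHDR, ko, shoff + sh[6] * shentsize)[4]
        for off in range(sh[4], sh[4] + sh[5], sh[9] or 24):
            st_name, _, _, st_shndx = struct.unpack_from("<IBBH", ko, off)
            if st_shndx == 0 and st_name:
                start = str_off + st_name
                names.add(ko[start:ko.index(b"\0", start)].decode())
    return names

def is_filesystem_module(ko: bytes) -> bool:
    """Policy for a filesystem-triggered request: allow only if this holds."""
    return FS_SYMBOL in undefined_symbols(ko)

def build_sample(imports) -> bytes:
    """Constructed sample input: an ELF64 object holding only a symbol table."""
    strtab = b"\0" + b"".join(n.encode() + b"\0" for n in imports)
    syms, pos = [struct.pack(SYM, 0, 0, 0, 0, 0, 0)], 1
    for n in imports:               # GLOBAL binding, SHN_UNDEF section
        syms.append(struct.pack(SYM, pos, 0x10, 0, 0, 0, 0))
        pos += len(n) + 1
    symtab = b"".join(syms)
    str_off = 64 + len(symtab)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 1, 62, 1,
                       0, 0, str_off + len(strtab), 0, 64, 0, 0, 64, 3, 0)
    sh = lambda t, o, s, l, e: struct.pack(SHDR, 0, t, 0, 0, o, s, l, 0, 0, e)
    return (ehdr + symtab + strtab + sh(0, 0, 0, 0, 0)
            + sh(2, 64, len(symtab), 2, 24) + sh(3, str_off, len(strtab), 0, 0))

if __name__ == "__main__":
    for label, imps in (("fs-like", [FS_SYMBOL, "kmalloc"]), ("other", ["register_netdev"])):
        print(label, is_filesystem_module(build_sample(imps)))
```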