subject:"\[kernel\-hardening\] Re\: \[PATCH 2\/2\] sysctl\: allow CLONE_NEWUSER to be disabled"

Re: [kernel-hardening] Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled

2016-01-25 Thread Kees Cook

On Sun, Jan 24, 2016 at 2:20 PM, Andy Lutomirski wrote: > On Sun, Jan 24, 2016 at 12:59 PM, Kees Cook wrote: >> On Fri, Jan 22, 2016 at 4:59 PM, Ben Hutchings wrote: >>> On Fri, 2016-01-22 at 15:00 -0800, Kees Cook wrote: On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote: > 2016-0

Re: [kernel-hardening] Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled

2016-01-24 Thread Andy Lutomirski

On Sun, Jan 24, 2016 at 12:59 PM, Kees Cook wrote: > On Fri, Jan 22, 2016 at 4:59 PM, Ben Hutchings wrote: >> On Fri, 2016-01-22 at 15:00 -0800, Kees Cook wrote: >>> On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote: >>> > 2016-01-22 23:50 GMT+01:00 Kees Cook : >>> > >>> > > > Seems that Deb

Re: [kernel-hardening] Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled

2016-01-24 Thread Kees Cook

On Fri, Jan 22, 2016 at 4:59 PM, Ben Hutchings wrote: > On Fri, 2016-01-22 at 15:00 -0800, Kees Cook wrote: >> On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote: >> > 2016-01-22 23:50 GMT+01:00 Kees Cook : >> > >> > > > Seems that Debian and some older Ubuntu versions are already using >> > >

Re: [kernel-hardening] Re: [PATCH 2/2] sysctl: allow CLONE_NEWUSER to be disabled

2016-01-22 Thread Ben Hutchings

On Fri, 2016-01-22 at 15:00 -0800, Kees Cook wrote: > On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki wrote: > > 2016-01-22 23:50 GMT+01:00 Kees Cook : > > > > > > Seems that Debian and some older Ubuntu versions are already using > > > > > > > > $ sysctl -a | grep usern > > > > kernel.unprivile