There is no easy way to test the CVE without changes to bwrap, because
it involves ptracing the process tree while racing startup. When I
tested the fix I inserted a sleep in the code and attached to it with
strace to verify that it was possible to ptrace at that point. You can
test it in a similar way, I guess.

But basically, with 0.1.5 you should not be able to ptrace the setup code at 
all, even when using user namespaces (--unshare-user), and thus you can't 
hijack the code to make it do something weird. 
Additionally, even if you were to ptrace the unprivileged part of the setup 
code you now can't ask for a hostname change unless a namespace for that was 
requested, so it's even harder to test the CVE...

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1643734

Title:
  privilege escalation via ptrace (CVE-2016-8659)
