Bug 1226751 (CVE-2014-9717) - CVE-2014-9717 kernel: unsharing MNT_LOCKED mount can expose files beneath the mount.
Summary: CVE-2014-9717 kernel: unsharing MNT_LOCKED mount can expose files beneath the mount.
Keywords:
Status: NEW
Alias: CVE-2014-9717
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Duplicates: 1226108
Depends On: 1226765 1231595 1231596
Blocks: 1213949
Reported: 2015-06-01 01:13 UTC by Wade Mealing
Modified: 2019-09-29 13:33 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was found that unsharing a mount namespace could allow a user to see data beneath their restricted namespace.
Clone Of:
Environment:
Last Closed:
Description Wade Mealing 2015-06-01 01:13:54 UTC
  "The semantics of MNT_LOCKED are that you aren't allowed to see what
   is beneath. So if you can get under there even by unsharing the mount
   namespace it is an implementation bug in MNT_LOCKED."

At this time, Red Hat Enterprise Linux products do not ship with user namespaces enabled as a kernel compile-time option and are therefore not affected.

References:
http://marc.info/?l=linux-kernel&m=141271552117745&w=2
http://www.spinics.net/lists/linux-containers/msg30786.html
https://git.kernel.org/linus/da362b09e42ee0bcaf0356afee6078b4f324baff
http://openwall.com/lists/oss-security/2015/04/18/3

Comment 1 Wade Mealing 2015-06-01 01:21:54 UTC
Statement:

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

Comment 3 Wade Mealing 2015-06-01 04:04:04 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1226765]

Comment 4 Wade Mealing 2015-06-01 04:08:23 UTC
This issue does not affect Red Hat Enterprise Linux at this time as we do not allow creation of user namespaces. This area of code does not exist and has not been backported to current Red Hat Enterprise Linux kernels.

Comment 7 Wade Mealing 2015-08-26 01:11:06 UTC
*** Bug 1226108 has been marked as a duplicate of this bug. ***