1226751 – (CVE-2014-9717) CVE-2014-9717 kernel: unsharing MNT_LOCKED mount can expose files beneath the mount.

Bug 1226751 (CVE-2014-9717) - CVE-2014-9717 kernel: unsharing MNT_LOCKED mount can expose files beneath the mount.

Summary: CVE-2014-9717 kernel: unsharing MNT_LOCKED mount can expose files beneath the...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-9717
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1226108 (view as bug list)
Depends On:	1226765 1231595 1231596
Blocks:	1213949
TreeView+	depends on / blocked

Reported:	2015-06-01 01:13 UTC by Wade Mealing
Modified:	2021-10-21 00:45 UTC (History)
CC List:	23 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was found that unsharing a mount namespace could allow a user to see data beneath their restricted namespace.
Clone Of:
Environment:
Last Closed:	2021-10-21 00:45:38 UTC
Embargoed:

Attachments	(Terms of Use)

Description Wade Mealing 2015-06-01 01:13:54 UTC

  "The semantics of MNT_LOCKED are that you aren't allowed to see what
   is beneath. So if you can get under there even by unsharing the mount
   namespace it is an implementation bug in MNT_LOCKED."

At this current time, Red Hat Enterprise Linux products do not ship with user namespaces enabled as a kernel compile-time option and are therefore not affected.

References:
http://marc.info/?l=linux-kernel&m=141271552117745&w=2
http://www.spinics.net/lists/linux-containers/msg30786.html
https://git.kernel.org/linus/da362b09e42ee0bcaf0356afee6078b4f324baff
http://openwall.com/lists/oss-security/2015/04/18/3

Comment 1 Wade Mealing 2015-06-01 01:21:54 UTC

Statement:

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

Comment 3 Wade Mealing 2015-06-01 04:04:04 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1226765]

Comment 4 Wade Mealing 2015-06-01 04:08:23 UTC

This issue does not affect Red Hat Enterprise Linux at this time as we do not allow creation of user namespaces.  This area of code does not exist and has not been backported to current Red Hat Enterprise Linux kernels.

Comment 7 Wade Mealing 2015-08-26 01:11:06 UTC

*** Bug 1226108 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

aquini
bhu
blc
dhoward
fhrbata
gansalmon
itamar
jforbes
jkacur
joelsmith
jonathan
jwboyer
kernel-maint
kernel-mgr
lgoncalv
madhu.chinakonda
mchehab
mlangsdo
nmurray
rvrbovsk
slawomir
williams
xzhou