Re: CLONE_NEWUSER local DoS
From: Oleg Nesterov <oleg () redhat com>
Date: Tue, 6 Aug 2013 18:47:45 +0200
On 08/06, Petr Matousek wrote:
> spender reported a local DoS triggerable by an unprivileged user when
> user namespaces are enabled (CONFIG_USER_NS).
> b836010000bb00000010cd80ebf2 is for(;;)unshare(1<<28);
What happens? OOM?
I'll recheck, but at first glance this is simple, unshare_userns()
populates new_cred which is not freed by bad_unshare_cleanup_fd
if create_user_ns() fails. And create_user_ns() _should_ fail (iiuc)
when CLONE_NEWUSER is called for the second time and later due to
I'll send the patch, but perhaps there is something else. Eric?
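The error-path leak described in this message, as an added userspace C model that is not kernel code and not part of the original post. Every `*_model` name and the `live_creds` counter are hypothetical stand-ins, and the "fixed" variant is one way to close the leak, not necessarily the patch that was sent.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model; every *_model name is a hypothetical stand-in. */
struct cred_model { int uid; };
static long live_creds;               /* allocated and not yet released */
static struct cred_model *prepare_creds_model(void) {
    struct cred_model *c = calloc(1, sizeof(*c));
    if (c) live_creds++;
    return c;
}
static void put_cred_model(struct cred_model *c) {
    if (c) { free(c); live_creds--; }
}
/* Fallible step standing in for namespace creation. */
static int create_ns_model(struct cred_model *c, int fail) { (void)c; return fail ? -1 : 0; }
/* Leaky shape: the cred is handed to the caller before the fallible step,
 * and nothing releases it when that step fails. */
static int unshare_model_leaky(int fail, struct cred_model **new_cred) {
    struct cred_model *c = prepare_creds_model();
    if (!c) return -1;
    *new_cred = c;
    return create_ns_model(c, fail);
}
/* One way to close it: release on failure, publish only on success. */
static int unshare_model_fixed(int fail, struct cred_model **new_cred) {
    struct cred_model *c = prepare_creds_model();
    if (!c) return -1;
    int err = create_ns_model(c, fail);
    if (err) { put_cred_model(c); return err; }
    *new_cred = c;
    return 0;
}
/* Caller whose error path, like the cleanup label in the message, does not
 * touch new_cred. Returns how many creds the n calls left allocated. */
static long leaked_after(int (*fn)(int, struct cred_model **), int n, int fail) {
    long before = live_creds;
    for (int i = 0; i < n; i++) {
        struct cred_model *new_cred = NULL;
        if (fn(fail, &new_cred)) continue;   /* error path: no release */
        put_cred_model(new_cred);            /* success: cred is consumed */
    }
    return live_creds - before;
}
int main(void) {
    printf("leaky: %ld\n", leaked_after(unshare_model_leaky, 1000, 1));
    printf("fixed: %ld\n", leaked_after(unshare_model_fixed, 1000, 1));
    return 0;
}
```

In the model, each failing call through the leaky variant leaves one allocation behind, which is why a loop of failing calls grows memory without bound.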