OSS-SEC: Three bypasses of Ubuntu's unprivileged user namespace restrictions
Published on: 2025-05-23 09:07:44
oss-sec mailing list archives
Three bypasses of Ubuntu's unprivileged user namespace restrictions
Qualys Security Advisory Three bypasses of Ubuntu's unprivileged user namespace restrictions ======================================================================== Contents ======================================================================== Summary Bypass via aa-exec Bypass via busybox Bypass via LD_PRELOAD Acknowledgments Timeline (advisory sent to the Ubuntu Security Team on January 15, 2025) ------------------------------------------------------------------------ Prologue, from https://grsecurity.net/10_years_of_linux_security.pdf: + February 2013 (v3.8) - Unprivileged User Namespace support added - Greatly increased kernel attack surface, exposed many interfaces that previously saw little security scrutiny + Attack surface exposed by unprivileged user namespaces isn't decreasing anytime soon - Even more functionality being exposed ----------------------------------------------
... Read full article.