Bug#1012547: linux: disable user namespaces per default

To: 1012547@bugs.debian.org
Subject: Bug#1012547: linux: disable user namespaces per default
From: Philippe Cerfon <philcerf@gmail.com>
Date: Tue, 5 Jul 2022 15:22:03 +0200
Message-id: <[🔎] CAN+za=OtKtNx6g-vJvy89Srr+6WMXW8_SC9EnSvGD-XaSXMLuw@mail.gmail.com>
Reply-to: Philippe Cerfon <philcerf@gmail.com>, 1012547@bugs.debian.org
In-reply-to: <CAN+za=PSkriYG9FcWCwX88k7_ih13oTaQpUbAeJMGAtMb5=7KQ@mail.gmail.com>
References: <CAN+za=PUa6Pfem-HTmMH_MPNjtrq8VArcBdqtPfY=ey8FEUFsw@mail.gmail.com> <7a24cbe33311058a9ded501818402e015990ba94.camel@decadent.org.uk> <CAN+za=PSkriYG9FcWCwX88k7_ih13oTaQpUbAeJMGAtMb5=7KQ@mail.gmail.com> <CAN+za=PUa6Pfem-HTmMH_MPNjtrq8VArcBdqtPfY=ey8FEUFsw@mail.gmail.com>

On Thu, Jun 16, 2022 at 6:19 PM Philippe Cerfon <philcerf@gmail.com> wrote:
> Well I guess the 6 or so root security holes, and counting

And here we go already, faster than even I'd have expected:

Say welcome to CVE-2022-32250, the next root security hole which would
apparently have been mitigated if Debian were to ship sane defaults.

Shall we guess how many systems are going to be compromised because of
that?! I guess, none, because attackers surely understand that they
should abuse something that's needed for some containers and flatpaks
:-)

Reply to:

Prev by Date: Bug#992555: probably same on Dell Inspiron 3580
Next by Date: Bug#1014394: Also Affected - linux kernel 5.10.0-15 on virtualbox host causes random process crashes in guests
Previous by thread: Bug#992555: probably same on Dell Inspiron 3580
Next by thread: Re: Bug#1012547: linux: disable user namespaces per default
Index(es):
- Date
- Thread