Bug#898446: Please reconsider enabling the user namespaces by default

To: bigon@debian.org
Cc: 898446@bugs.debian.org
Subject: Bug#898446: Please reconsider enabling the user namespaces by default
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Sun, 13 May 2018 22:57:56 +0200
Message-id: <[🔎] 20180513205756.GA25115@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 898446@bugs.debian.org
In-reply-to: <[🔎] bb8b5e75701d3fcc7112d3099c26de0fcd867962.camel@decadent.org.uk>
References: <[🔎] 152606429001.13234.16221071531184316429.reportbug@valinor.bigon.be> <[🔎] bb8b5e75701d3fcc7112d3099c26de0fcd867962.camel@decadent.org.uk> <[🔎] 152606429001.13234.16221071531184316429.reportbug@valinor.bigon.be>

Ben Hutchings wrote:
> And this still mitigates a significant fraction of the security issues
> found in the kernel.

A quite significant fraction; on average this neutralises a root privilege
escalation every month or so. This is really not something that we should
re-enable any time soon.

Cheers,
        Moritz

Reply to:

References:
- Bug#898446: Please reconsider enabling the user namespaces by default
  - From: Laurent Bigonville <bigon@debian.org>
- Bug#898446: Please reconsider enabling the user namespaces by default
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Bug#897917: marked as done (Stretch kernel 4.9.88-1 breaks startup of RPC, KDC services)
Next by Date: linux_4.9.88-1+deb9u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Previous by thread: Bug#898446: Please reconsider enabling the user namespaces by default
Next by thread: Bug#898446: Please reconsider enabling the user namespaces by default
Index(es):
- Date
- Thread