author | Andrew G. Morgan <morgan@kernel.org> | 2021-05-16 15:46:13 -0700
committer | Andrew G. Morgan <morgan@kernel.org> | 2021-05-16 16:15:28 -0700
commit | 572b1f8099c05e2840ae66d52d8bee8e547bad39 (patch)
tree | b1195d72340deebcf0f9e12e3c30a88ac150f60e /progs
parent | fe4c27de243b13973acff3cda2c8c8ff4a768855 (diff)
download | libcap2-572b1f8099c05e2840ae66d52d8bee8e547bad39.tar.gz
Validate that user namespaces require CAP_SETFCAP to map UID=0.
I found this corner case privilege escalation in December 2020.
Now that it is fixed upstream and widely deployed, add a test
so we don't regress.
[If you find 'make sudotest' fails for you, you should upgrade
your kernel.]
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
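The behaviour this commit documents (a user namespace may only map the parent's uid 0 into the child if the creator held CAP_SETFCAP at unshare time) can be checked with a small regression probe. The program below is an added example, not libcap's test or any code from this commit; it assumes a Linux host, that it is run as root (otherwise it reports "skipped"), and it drops the capability with the raw capset(2) syscall instead of libcap's API so it links without -lcap. The names `probe_setfcap_userns`, `format_uid_map`, `drop_cap` and the `probe_result` values are the example's own.

```c
// Added example (not libcap's own code): regression probe for the rule that
// mapping the parent's uid 0 into a new user namespace requires the creator
// to have had CAP_SETFCAP. As root, drop CAP_SETFCAP, unshare(CLONE_NEWUSER)
// and try to write "0 0 1" to /proc/self/uid_map. A kernel with the fix
// refuses with EPERM; an unfixed kernel accepts the mapping.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/capability.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result {
    PROBE_SKIPPED = 0,    /* not root, or user namespaces/capset unavailable here */
    PROBE_FIXED = 1,      /* kernel refused to map uid 0 without CAP_SETFCAP */
    PROBE_VULNERABLE = 2  /* kernel accepted the uid 0 mapping */
};

/* Build a single-extent "inner outer count\n" uid_map line into buf.
 * Returns the number of bytes written (excluding the NUL), or -1 if buf is too small. */
int format_uid_map(char *buf, size_t len, unsigned inner, unsigned outer, unsigned count) {
    int n = snprintf(buf, len, "%u %u %u\n", inner, outer, count);
    if (n < 0 || (size_t)n >= len) return -1;
    return n;
}

/* Clear one capability from the calling thread's effective and permitted sets
 * via raw capget/capset (hypothetical helper; stands in for cap_set_proc()).
 * Returns 0 on success, -1 with errno set on failure. */
static int drop_cap(int cap) {
    struct __user_cap_header_struct hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    struct __user_cap_data_struct data[2] = {{0}};
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    data[cap / 32].effective &= ~(1u << (cap % 32));
    data[cap / 32].permitted &= ~(1u << (cap % 32));
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Runs in a forked child so the caller never leaves its own user namespace.
 * The return value becomes the child's exit status. */
static int child_probe(void) {
    char line[64];
    int fd, n;
    if (drop_cap(CAP_SETFCAP) != 0) return PROBE_SKIPPED;
    if (unshare(CLONE_NEWUSER) != 0) return PROBE_SKIPPED;  /* e.g. EPERM under seccomp or no userns */
    n = format_uid_map(line, sizeof line, 0, 0, 1);         /* parent uid 0 -> child uid 0 */
    fd = open("/proc/self/uid_map", O_WRONLY);
    if (n < 0 || fd < 0) return PROBE_SKIPPED;
    if (write(fd, line, (size_t)n) == n) { close(fd); return PROBE_VULNERABLE; }
    close(fd);
    return errno == EPERM ? PROBE_FIXED : PROBE_SKIPPED;
}

/* Fork the probe and report its verdict. Safe to call unprivileged: returns PROBE_SKIPPED. */
enum probe_result probe_setfcap_userns(void) {
    int status;
    pid_t pid;
    if (geteuid() != 0) return PROBE_SKIPPED;  /* mapping uid 0 only means something for a root parent */
    pid = fork();
    if (pid < 0) return PROBE_SKIPPED;
    if (pid == 0) _exit(child_probe());
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return PROBE_SKIPPED;
    return (enum probe_result)WEXITSTATUS(status);
}

int main(void) {
    static const char *names[] = {
        "skipped (needs root and working user namespaces)",
        "fixed: uid 0 mapping refused without CAP_SETFCAP",
        "VULNERABLE: uid 0 mapped without CAP_SETFCAP"
    };
    enum probe_result r = probe_setfcap_userns();
    printf("CAP_SETFCAP/uid_map probe: %s\n", names[r]);
    return r == PROBE_VULNERABLE ? 1 : 0;
}
```

Run it as root (`sudo ./probe`); a non-zero exit means the kernel still lets a CAP_SETFCAP-less root create a namespace whose uid 0 maps to the real uid 0. Dropping the capability in a forked child keeps the calling process's capability set and namespace untouched, which is what makes the probe usable from a larger test harness.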
Diffstat (limited to 'progs')
-rw-r--r-- | progs/capshdoc.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/progs/capshdoc.h b/progs/capshdoc.h index efe4797..79953b3 100644 --- a/progs/capshdoc.h +++ b/progs/capshdoc.h @@ -276,6 +276,11 @@ static const char *explanation30[] = { /* cap_audit_control = 30 */ }; static const char *explanation31[] = { /* cap_setfcap = 31 */ "Allows a process to set capabilities on files.", + "Permits a process to uid_map the uid=0 of the", + "parent user namespace into that of the child", + "namespace. Also, permits a process to override", + "securebits locks through user namespace", + "creation.", NULL }; static const char *explanation32[] = { /* cap_mac_override = 32 */ |
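Review bot: the five strings added to explanation31 (cap_setfcap) state the uid_map and securebits restrictions unconditionally, while the commit message itself says the accompanying test only passes once the kernel has been upgraded; a reader of `capsh --explain` on an older kernel would be told that CAP_SETFCAP gates a uid 0 mapping which that kernel does not actually gate. Suggest qualifying the text, e.g. closing with "(on kernels carrying the fix)" so the explanation and the regression test make the same claim. Minor wording: "Permits a process to uid_map the uid=0 of the" reads awkwardly; "Permits a process to map uid 0 of the parent user namespace into the child namespace via /proc/<pid>/uid_map." says the same thing in the terms a user will search for.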