Commit Graph

2055 Commits

Author SHA1 Message Date
Josh Soref
74fcf6f28d spelling: interactive 2017-10-22 20:24:32 +00:00
Josh Soref
70eb03ec29 spelling: inserted 2017-10-22 20:22:44 +00:00
Josh Soref
856d26cb4b spelling: improvements 2017-10-22 20:11:27 +00:00
Josh Soref
1adf386345 spelling: if the 2017-10-22 19:47:52 +00:00
Josh Soref
02137de419 spelling: if 2017-10-22 20:52:44 +00:00
Josh Soref
73516df908 spelling: gshadow 2017-10-22 19:47:08 +00:00
Josh Soref
3025b9ebac spelling: groupmod 2017-10-22 19:33:50 +00:00
Josh Soref
e235f372ce spelling: gratuitously 2017-10-22 19:17:02 +00:00
Josh Soref
62ace035c6 spelling: getxxyyy 2017-10-22 19:16:30 +00:00
Josh Soref
07a169d964 spelling: forgotten 2017-10-22 19:13:08 +00:00
Josh Soref
8e2b91c8cc spelling: faillog 2017-10-22 19:11:52 +00:00
Josh Soref
831ff281d0 spelling: equivalent 2017-10-22 19:11:20 +00:00
Josh Soref
29ad485d17 spelling: enviroment 2017-10-22 19:10:52 +00:00
Josh Soref
51f740e23e spelling: entered 2017-10-22 19:10:41 +00:00
Josh Soref
c751f4a6ec spelling: else 2017-10-22 19:08:39 +00:00
Josh Soref
742868dc2d spelling: display its 2017-10-22 18:44:58 +00:00
Josh Soref
9b8bddd179 spelling: displaying 2017-10-22 18:43:40 +00:00
Josh Soref
1987203745 spelling: displayed 2017-10-22 18:43:48 +00:00
Josh Soref
f7abcfb39a spelling: devices 2017-10-22 18:40:47 +00:00
Josh Soref
016bc8b813 spelling: default 2017-10-22 18:34:35 +00:00
Josh Soref
66b1a59efe spelling: cumulative 2017-10-22 18:33:13 +00:00
Josh Soref
bd4750126b spelling: created 2017-10-22 08:23:57 +00:00
Josh Soref
0fba6bd347 spelling: conversation 2017-10-22 18:32:19 +00:00
Josh Soref
eb9db854d7 spelling: constraints 2017-10-22 21:07:23 +00:00
Josh Soref
7d68d59cc2 spelling: configuration 2017-10-22 18:31:51 +00:00
Josh Soref
f9311ba61d spelling: conditionally 2017-10-22 18:31:24 +00:00
Josh Soref
60d2888605 spelling: comment 2017-10-22 18:25:35 +00:00
Josh Soref
c2ada4c306 spelling: command 2017-10-22 18:25:46 +00:00
Josh Soref
310ef194a1 spelling: close 2017-10-22 18:25:14 +00:00
Josh Soref
daf30eff79 spelling: chpasswd 2017-10-22 18:23:41 +00:00
Josh Soref
a90585f1d6 spelling: checking 2017-10-22 18:22:12 +00:00
Josh Soref
4be6d423e4 spelling: changed 2017-10-22 08:24:23 +00:00
Josh Soref
2db724bc50 spelling: change 2017-10-22 08:24:59 +00:00
Josh Soref
452b9c26e4 spelling: categories 2017-10-22 08:08:07 +00:00
Josh Soref
d0c05b0143 spelling: cannot 2017-10-22 08:05:45 +00:00
Josh Soref
36aeb4e9ee spelling: built 2017-10-22 18:41:48 +00:00
Josh Soref
f8d4b66edd spelling: better 2017-10-22 08:05:08 +00:00
Josh Soref
483de7d614 spelling: beginning 2017-10-22 08:04:51 +00:00
Josh Soref
a95ed40bf0 spelling: available 2017-10-22 08:02:00 +00:00
Josh Soref
686efcfcb1 spelling: attributes 2017-10-22 07:59:41 +00:00
Josh Soref
bd6f2760a3 spelling: at the 2017-10-22 08:00:59 +00:00
Josh Soref
15631009b4 spelling: applied 2017-10-22 07:57:56 +00:00
Josh Soref
8eb822ebf3 spelling: anonymous 2017-10-22 07:56:49 +00:00
Josh Soref
aa95b1b763 spelling: always 2017-10-22 07:56:16 +00:00
Josh Soref
92e3a5e386 spelling: allowed 2017-10-22 07:56:05 +00:00
Josh Soref
4c22dcfbfd spelling: address 2017-10-22 07:55:43 +00:00
Josh Soref
4f459198db spelling: account 2017-10-22 07:52:04 +00:00
Serge Hallyn
c53e4c1d77
Merge pull request #97 from cyphar/newgidmap-secure-setgroups
newgidmap: enforce setgroups=deny if self-mapping a group
2018-02-16 08:40:39 -06:00
Aleksa Sarai
6d8be68071
README: add Aleksa Sarai to author list
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2018-02-16 17:56:36 +11:00
Aleksa Sarai
fb28c99b8a
newgidmap: enforce setgroups=deny if self-mapping a group
This is necessary to match the kernel-side policy of "self-mapping in a
user namespace is fine, but you cannot drop groups" -- a policy that was
created in order to stop user namespaces from allowing trivial privilege
escalation by dropping supplementary groups that were "blacklisted" from
certain paths.

This is the simplest fix for the underlying issue, and effectively makes
it so that unless a user has a valid mapping set in /etc/subgid (which
only administrators can modify) -- and they are currently trying to use
that mapping -- then /proc/$pid/setgroups will be set to deny. This
workaround is only partial, because ideally it should be possible to set
an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
administrators to further restrict newgidmap(1).

We also don't write anything in the "allow" case because "allow" is the
default, and users may have already written "deny" even if they
technically are allowed to use setgroups. And we don't write anything if
the setgroups policy is already "deny".

Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
Fixes: CVE-2018-7169
Reported-by: Craig Furman <craig.furman89@gmail.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
2018-02-16 17:56:35 +11:00