Bypassing Ubuntu's user-namespace restrictions
Date:
Thu, 27 Mar 2025 20:51:14 +0000
Description:
Ubuntu 23.10 and 24.04 LTS introduced a feature that uses AppArmor to
restrict unprivileged access to user namespaces. Qualys has reported
three ways to bypass AppArmor's restrictions and allow a local,
unprivileged user to obtain full administrative capabilities inside a
user namespace. Ubuntu has followed up with a post that explains the
namespace-restriction feature in detail and says that the bypasses do
not constitute security vulnerabilities:

While a superficial observation of the application of user namespaces
may indicate privileged (root level) access, this is a fictitious state
that is operating as expected, with access control still mapped to the
real (root namespace) user's permissions. As such, these bypasses do not
enable more access than what the default Linux kernel unprivileged user
namespace feature allows in most Linux distributions. They do, however,
demonstrate limitations that we are looking to address in order to
strengthen existing protections against as-of-yet-unknown Linux kernel
vulnerabilities.

LWN covered Ubuntu 24.04 LTS last May.
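The "fictitious root" point above is easy to see for yourself. The program below is an added example written for this item; it is not code from Qualys, Ubuntu or LWN. It first reads Ubuntu's sysctl knob (assumed here to be kernel.apparmor_restrict_unprivileged_userns, which will simply be absent on other kernels), then forks a child that enters a new user namespace, maps the real uid and gid to 0, and checks that the resulting "root" is still bound by its mapping: it cannot chown a file to a uid that is not mapped into the namespace (the kernel answers EINVAL), and whether it can read /etc/shadow depends only on the real uid outside. It assumes a Linux host with /proc and /tmp available.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcomes of userns_demo(). */
enum { DEMO_OK = 0, DEMO_MISMATCH = 1, DEMO_NO_USERNS = 2 };

/* Value of Ubuntu's kernel.apparmor_restrict_unprivileged_userns sysctl
 * (assumed knob name), or -1 when it does not exist on this kernel. */
int apparmor_userns_restriction(void) {
    FILE *f = fopen("/proc/sys/kernel/apparmor_restrict_unprivileged_userns", "r");
    if (!f) return -1;
    int v = -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v;
}

static int write_str(const char *path, const char *s) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, s, strlen(s));
    close(fd);
    return n == (ssize_t)strlen(s) ? 0 : -1;
}

/* Runs in the forked child: enter a fresh user namespace, map the real
 * uid/gid to 0 there, and probe what that in-namespace "root" can do. */
static int child_demo(void) {
    uid_t real_uid = geteuid();
    gid_t real_gid = getegid();
    char map[64];

    if (unshare(CLONE_NEWUSER) != 0) {
        /* EPERM here is what the AppArmor restriction (or a disabled
         * kernel feature, or a seccomp sandbox) looks like. */
        printf("unshare(CLONE_NEWUSER) failed: %s\n", strerror(errno));
        return DEMO_NO_USERNS;
    }
    /* An unprivileged process may write a single line mapping its own
     * euid/egid; setgroups must be denied before gid_map is written. */
    snprintf(map, sizeof map, "0 %u 1\n", (unsigned)real_uid);
    if (write_str("/proc/self/uid_map", map) != 0) return DEMO_NO_USERNS;
    if (write_str("/proc/self/setgroups", "deny") != 0) return DEMO_NO_USERNS;
    snprintf(map, sizeof map, "0 %u 1\n", (unsigned)real_gid);
    if (write_str("/proc/self/gid_map", map) != 0) return DEMO_NO_USERNS;

    printf("inside namespace: euid=%u (real uid %u)\n",
           (unsigned)geteuid(), (unsigned)real_uid);
    if (geteuid() != 0) return DEMO_MISMATCH;

    /* A file we own looks root-owned here, yet chown to uid 1 fails:
     * uid 1 has no mapping in this namespace, so the kernel rejects it. */
    char tmpl[] = "/tmp/userns-demo-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return DEMO_NO_USERNS;
    close(fd);
    int rc = chown(tmpl, 1, (gid_t)-1);
    int err = errno;
    unlink(tmpl);
    printf("chown to unmapped uid 1: %s\n", rc == 0 ? "succeeded" : strerror(err));
    if (rc == 0 || err != EINVAL) return DEMO_MISMATCH;

    /* Reported, not checked: this succeeds only if the *real* uid may. */
    fd = open("/etc/shadow", O_RDONLY);
    printf("open(/etc/shadow) as namespace root: %s\n",
           fd < 0 ? strerror(errno) : "succeeded");
    if (fd >= 0) close(fd);
    return DEMO_OK;
}

/* Runs the probe in a child so the caller's namespace is untouched. */
int userns_demo(void) {
    fflush(stdout);
    pid_t pid = fork();
    if (pid < 0) return DEMO_NO_USERNS;
    if (pid == 0) { int r = child_demo(); fflush(stdout); _exit(r); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return DEMO_MISMATCH;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("apparmor_restrict_unprivileged_userns = %d\n", apparmor_userns_restriction());
    int r = userns_demo();
    printf("%s\n", r == DEMO_OK ? "namespace root stayed confined to its mapping"
           : r == DEMO_NO_USERNS ? "could not create a user namespace (restricted or disabled)"
           : "unexpected: namespace root acted outside its mapping");
    return r == DEMO_MISMATCH ? 1 : 0;
}
```

On a stock Ubuntu 24.04 desktop the sysctl reads 1 and an unconfined, unprivileged run reports EPERM from unshare; run under a profile that grants userns, or with the knob set to 0, it creates the namespace and still shows EINVAL on the chown, which is the behaviour Ubuntu's post describes.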
======================================================================
Link to news story:
https://lwn.net/Articles/1015649/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)