FS#69164 : [linux-hardened] explanation of FS#63295

FS#69164 - [linux-hardened] explanation of FS#63295

Attached to Project: Arch Linux
Opened by Michal Svoboda (pht) - Friday, 01 January 2021, 09:40 GMT
Last edited by Doug Newgard (Scimmia) - Friday, 01 January 2021, 13:42 GMT

Task Type	General Gripe
Category	Packages: Extra
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

In ~~FS#63295~~ it is said that the linux-hardened package will not implement CONFIG_USER_NS_UNPRIVILEGED, instead the correct solution is to make the application that requires namespaces setuid root. I would like to understand the risk analysis behind that. Why is an extra setuid application (which, if exploited, provides complete access to the system) less risky than CONFIG_USER_NS_UNPRIVILEGED?

This task depends upon

Closed by Doug Newgard (Scimmia)
Friday, 01 January 2021, 13:42 GMT
Reason for closing: Duplicate
Additional comments about closing: ~~FS#63295~~

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#69164 - [linux-hardened] explanation of FS#63295

Details

Loading...