* Patch "exec: Ensure mm->user_ns contains the execed files" has been added to the 4.4-stable tree
@ 2017-01-04 10:05 gregkh
2017-01-04 10:32 ` Greg KH
0 siblings, 1 reply; 6+ messages in thread
From: gregkh @ 2017-01-04 10:05 UTC (permalink / raw)
To: ebiederm, gregkh, jann; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
exec: Ensure mm->user_ns contains the execed files
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
exec-ensure-mm-user_ns-contains-the-execed-files.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From f84df2a6f268de584a201e8911384a2d244876e3 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Wed, 16 Nov 2016 22:06:51 -0600
Subject: exec: Ensure mm->user_ns contains the execed files
From: Eric W. Biederman <ebiederm@xmission.com>
commit f84df2a6f268de584a201e8911384a2d244876e3 upstream.
When the user namespace support was merged the need to prevent
ptrace from revealing the contents of an unreadable executable
was overlooked.
Correct this oversight by ensuring that the executed file
or files are in mm->user_ns, by adjusting mm->user_ns.
Use the new function privileged_wrt_inode_uidgid to see if
the executable is a member of the user namespace, and as such
if having CAP_SYS_PTRACE in the user namespace should allow
tracing the executable. If not update mm->user_ns to
the parent user namespace until an appropriate parent is found.
Reported-by: Jann Horn <jann@thejh.net>
Fixes: 9e4a36ece652 ("userns: Fail exec for suid and sgid binaries with ids outside our user namespace.")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/exec.c | 19 +++++++++++++++++--
include/linux/capability.h | 1 +
kernel/capability.c | 16 ++++++++++++++--
3 files changed, 32 insertions(+), 4 deletions(-)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1123,8 +1123,22 @@ EXPORT_SYMBOL(flush_old_exec);
void would_dump(struct linux_binprm *bprm, struct file *file)
{
- if (inode_permission(file_inode(file), MAY_READ) < 0)
+ struct inode *inode = file_inode(file);
+ if (inode_permission(inode, MAY_READ) < 0) {
+ struct user_namespace *old, *user_ns;
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+
+ /* Ensure mm->user_ns contains the executable */
+ user_ns = old = bprm->mm->user_ns;
+ while ((user_ns != &init_user_ns) &&
+ !privileged_wrt_inode_uidgid(user_ns, inode))
+ user_ns = user_ns->parent;
+
+ if (old != user_ns) {
+ bprm->mm->user_ns = get_user_ns(user_ns);
+ put_user_ns(old);
+ }
+ }
}
EXPORT_SYMBOL(would_dump);
@@ -1154,7 +1168,6 @@ void setup_new_exec(struct linux_binprm
!gid_eq(bprm->cred->gid, current_egid())) {
current->pdeath_signal = 0;
} else {
- would_dump(bprm, bprm->file);
if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
set_dumpable(current->mm, suid_dumpable);
}
@@ -1587,6 +1600,8 @@ static int do_execveat_common(int fd, st
if (retval < 0)
goto out;
+ would_dump(bprm, bprm->file);
+
retval = exec_binprm(bprm);
if (retval < 0)
goto out;
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -247,6 +247,7 @@ static inline bool ns_capable_noaudit(st
return true;
}
#endif /* CONFIG_MULTIUSER */
+extern bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode);
extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -457,6 +457,19 @@ bool file_ns_capable(const struct file *
EXPORT_SYMBOL(file_ns_capable);
/**
+ * privileged_wrt_inode_uidgid - Do capabilities in the namespace work over the inode?
+ * @ns: The user namespace in question
+ * @inode: The inode in question
+ *
+ * Return true if the inode uid and gid are within the namespace.
+ */
+bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode)
+{
+ return kuid_has_mapping(ns, inode->i_uid) &&
+ kgid_has_mapping(ns, inode->i_gid);
+}
+
+/**
* capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
* @inode: The inode in question
* @cap: The capability in question
@@ -469,7 +482,6 @@ bool capable_wrt_inode_uidgid(const stru
{
struct user_namespace *ns = current_user_ns();
- return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
- kgid_has_mapping(ns, inode->i_gid);
+ return ns_capable(ns, cap) && privileged_wrt_inode_uidgid(ns, inode);
}
EXPORT_SYMBOL(capable_wrt_inode_uidgid);
Patches currently in stable-queue which might be from ebiederm@xmission.com are
queue-4.4/mm-add-a-user_ns-owner-to-mm_struct-and-fix-ptrace-permission-checks.patch
queue-4.4/exec-ensure-mm-user_ns-contains-the-execed-files.patch
queue-4.4/ptrace-capture-the-ptracer-s-creds-not-pt_ptrace_cap.patch
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Patch "exec: Ensure mm->user_ns contains the execed files" has been added to the 4.4-stable tree
2017-01-04 10:05 Patch "exec: Ensure mm->user_ns contains the execed files" has been added to the 4.4-stable tree gregkh
@ 2017-01-04 10:32 ` Greg KH
2017-01-04 10:58 ` Greg KH
0 siblings, 1 reply; 6+ messages in thread
From: Greg KH @ 2017-01-04 10:32 UTC (permalink / raw)
To: ebiederm, jann; +Cc: stable, stable-commits
On Wed, Jan 04, 2017 at 11:05:53AM +0100, gregkh@linuxfoundation.org wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> exec: Ensure mm->user_ns contains the execed files
>
> to the 4.4-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> The filename of the patch is:
> exec-ensure-mm-user_ns-contains-the-execed-files.patch
> and it can be found in the queue-4.4 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@vger.kernel.org> know about it.
Oops, nope, this broke the build too, now dropped.
thanks,
greg k-h
> >From f84df2a6f268de584a201e8911384a2d244876e3 Mon Sep 17 00:00:00 2001
> From: "Eric W. Biederman" <ebiederm@xmission.com>
> Date: Wed, 16 Nov 2016 22:06:51 -0600
> Subject: exec: Ensure mm->user_ns contains the execed files
>
> From: Eric W. Biederman <ebiederm@xmission.com>
>
> commit f84df2a6f268de584a201e8911384a2d244876e3 upstream.
>
> When the user namespace support was merged the need to prevent
> ptrace from revealing the contents of an unreadable executable
> was overlooked.
>
> Correct this oversight by ensuring that the executed file
> or files are in mm->user_ns, by adjusting mm->user_ns.
>
> Use the new function privileged_wrt_inode_uidgid to see if
> the executable is a member of the user namespace, and as such
> if having CAP_SYS_PTRACE in the user namespace should allow
> tracing the executable. If not update mm->user_ns to
> the parent user namespace until an appropriate parent is found.
>
> Reported-by: Jann Horn <jann@thejh.net>
> Fixes: 9e4a36ece652 ("userns: Fail exec for suid and sgid binaries with ids outside our user namespace.")
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> ---
> fs/exec.c | 19 +++++++++++++++++--
> include/linux/capability.h | 1 +
> kernel/capability.c | 16 ++++++++++++++--
> 3 files changed, 32 insertions(+), 4 deletions(-)
>
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -1123,8 +1123,22 @@ EXPORT_SYMBOL(flush_old_exec);
>
> void would_dump(struct linux_binprm *bprm, struct file *file)
> {
> - if (inode_permission(file_inode(file), MAY_READ) < 0)
> + struct inode *inode = file_inode(file);
> + if (inode_permission(inode, MAY_READ) < 0) {
> + struct user_namespace *old, *user_ns;
> bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
> +
> + /* Ensure mm->user_ns contains the executable */
> + user_ns = old = bprm->mm->user_ns;
> + while ((user_ns != &init_user_ns) &&
> + !privileged_wrt_inode_uidgid(user_ns, inode))
> + user_ns = user_ns->parent;
> +
> + if (old != user_ns) {
> + bprm->mm->user_ns = get_user_ns(user_ns);
> + put_user_ns(old);
> + }
> + }
> }
> EXPORT_SYMBOL(would_dump);
>
> @@ -1154,7 +1168,6 @@ void setup_new_exec(struct linux_binprm
> !gid_eq(bprm->cred->gid, current_egid())) {
> current->pdeath_signal = 0;
> } else {
> - would_dump(bprm, bprm->file);
> if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
> set_dumpable(current->mm, suid_dumpable);
> }
> @@ -1587,6 +1600,8 @@ static int do_execveat_common(int fd, st
> if (retval < 0)
> goto out;
>
> + would_dump(bprm, bprm->file);
> +
> retval = exec_binprm(bprm);
> if (retval < 0)
> goto out;
> --- a/include/linux/capability.h
> +++ b/include/linux/capability.h
> @@ -247,6 +247,7 @@ static inline bool ns_capable_noaudit(st
> return true;
> }
> #endif /* CONFIG_MULTIUSER */
> +extern bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode);
> extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
> extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
>
> --- a/kernel/capability.c
> +++ b/kernel/capability.c
> @@ -457,6 +457,19 @@ bool file_ns_capable(const struct file *
> EXPORT_SYMBOL(file_ns_capable);
>
> /**
> + * privileged_wrt_inode_uidgid - Do capabilities in the namespace work over the inode?
> + * @ns: The user namespace in question
> + * @inode: The inode in question
> + *
> + * Return true if the inode uid and gid are within the namespace.
> + */
> +bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode)
> +{
> + return kuid_has_mapping(ns, inode->i_uid) &&
> + kgid_has_mapping(ns, inode->i_gid);
> +}
> +
> +/**
> * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
> * @inode: The inode in question
> * @cap: The capability in question
> @@ -469,7 +482,6 @@ bool capable_wrt_inode_uidgid(const stru
> {
> struct user_namespace *ns = current_user_ns();
>
> - return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
> - kgid_has_mapping(ns, inode->i_gid);
> + return ns_capable(ns, cap) && privileged_wrt_inode_uidgid(ns, inode);
> }
> EXPORT_SYMBOL(capable_wrt_inode_uidgid);
>
>
> Patches currently in stable-queue which might be from ebiederm@xmission.com are
>
> queue-4.4/mm-add-a-user_ns-owner-to-mm_struct-and-fix-ptrace-permission-checks.patch
> queue-4.4/exec-ensure-mm-user_ns-contains-the-execed-files.patch
> queue-4.4/ptrace-capture-the-ptracer-s-creds-not-pt_ptrace_cap.patch
> --
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Patch "exec: Ensure mm->user_ns contains the execed files" has been added to the 4.4-stable tree
2017-01-04 10:32 ` Greg KH
@ 2017-01-04 10:58 ` Greg KH
2017-01-04 20:51 ` Eric W. Biederman
0 siblings, 1 reply; 6+ messages in thread
From: Greg KH @ 2017-01-04 10:58 UTC (permalink / raw)
To: ebiederm, jann; +Cc: stable, stable-commits
On Wed, Jan 04, 2017 at 11:32:41AM +0100, Greg KH wrote:
> On Wed, Jan 04, 2017 at 11:05:53AM +0100, gregkh@linuxfoundation.org wrote:
> >
> > This is a note to let you know that I've just added the patch titled
> >
> > exec: Ensure mm->user_ns contains the execed files
> >
> > to the 4.4-stable tree which can be found at:
> > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> >
> > The filename of the patch is:
> > exec-ensure-mm-user_ns-contains-the-execed-files.patch
> > and it can be found in the queue-4.4 subdirectory.
> >
> > If you, or anyone else, feels it should not be added to the stable tree,
> > please let <stable@vger.kernel.org> know about it.
>
> Oops, nope, this broke the build too, now dropped.
And I've now fixed it, sorry for the noise...
greg k-h
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Patch "exec: Ensure mm->user_ns contains the execed files" has been added to the 4.4-stable tree
2017-01-04 10:58 ` Greg KH
@ 2017-01-04 20:51 ` Eric W. Biederman
2017-01-04 21:12 ` Greg KH
0 siblings, 1 reply; 6+ messages in thread
From: Eric W. Biederman @ 2017-01-04 20:51 UTC (permalink / raw)
To: Greg KH; +Cc: jann, stable, stable-commits
Greg KH <gregkh@linuxfoundation.org> writes:
> On Wed, Jan 04, 2017 at 11:32:41AM +0100, Greg KH wrote:
>> On Wed, Jan 04, 2017 at 11:05:53AM +0100, gregkh@linuxfoundation.org wrote:
>> >
>> > This is a note to let you know that I've just added the patch titled
>> >
>> > exec: Ensure mm->user_ns contains the execed files
>> >
>> > to the 4.4-stable tree which can be found at:
>> > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>> >
>> > The filename of the patch is:
>> > exec-ensure-mm-user_ns-contains-the-execed-files.patch
>> > and it can be found in the queue-4.4 subdirectory.
>> >
>> > If you, or anyone else, feels it should not be added to the stable tree,
>> > please let <stable@vger.kernel.org> know about it.
>>
>> Oops, nope, this broke the build too, now dropped.
>
> And I've now fixed it, sorry for the noise...
When I have several patches that have dependencies like this is there
something I can do to make backporting them easier?
Eric
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Patch "exec: Ensure mm->user_ns contains the execed files" has been added to the 4.4-stable tree
2017-01-04 20:51 ` Eric W. Biederman
@ 2017-01-04 21:12 ` Greg KH
0 siblings, 0 replies; 6+ messages in thread
From: Greg KH @ 2017-01-04 21:12 UTC (permalink / raw)
To: Eric W. Biederman; +Cc: jann, stable, stable-commits
On Thu, Jan 05, 2017 at 09:51:51AM +1300, Eric W. Biederman wrote:
> Greg KH <gregkh@linuxfoundation.org> writes:
>
> > On Wed, Jan 04, 2017 at 11:32:41AM +0100, Greg KH wrote:
> >> On Wed, Jan 04, 2017 at 11:05:53AM +0100, gregkh@linuxfoundation.org wrote:
> >> >
> >> > This is a note to let you know that I've just added the patch titled
> >> >
> >> > exec: Ensure mm->user_ns contains the execed files
> >> >
> >> > to the 4.4-stable tree which can be found at:
> >> > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
> >> >
> >> > The filename of the patch is:
> >> > exec-ensure-mm-user_ns-contains-the-execed-files.patch
> >> > and it can be found in the queue-4.4 subdirectory.
> >> >
> >> > If you, or anyone else, feels it should not be added to the stable tree,
> >> > please let <stable@vger.kernel.org> know about it.
> >>
> >> Oops, nope, this broke the build too, now dropped.
> >
> > And I've now fixed it, sorry for the noise...
>
> When I have several patches that have dependencies like this is there
> something I can do to make backporting them easier?
There wasn't a dependancy, only a simple .h file that needed to be
included.
But generally you can put the git commit ids that are needed to be also
included in the changelog text:
cc: <stable@vger.kernel.org> # 4.1+ 01234567 abc001122
or just email stable@vger and let us know.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 6+ messages in thread
* Patch "exec: Ensure mm->user_ns contains the execed files" has been added to the 4.4-stable tree
@ 2017-01-04 10:57 gregkh
0 siblings, 0 replies; 6+ messages in thread
From: gregkh @ 2017-01-04 10:57 UTC (permalink / raw)
To: ebiederm, gregkh, jann; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
exec: Ensure mm->user_ns contains the execed files
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
exec-ensure-mm-user_ns-contains-the-execed-files.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From f84df2a6f268de584a201e8911384a2d244876e3 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Wed, 16 Nov 2016 22:06:51 -0600
Subject: exec: Ensure mm->user_ns contains the execed files
From: Eric W. Biederman <ebiederm@xmission.com>
commit f84df2a6f268de584a201e8911384a2d244876e3 upstream.
When the user namespace support was merged the need to prevent
ptrace from revealing the contents of an unreadable executable
was overlooked.
Correct this oversight by ensuring that the executed file
or files are in mm->user_ns, by adjusting mm->user_ns.
Use the new function privileged_wrt_inode_uidgid to see if
the executable is a member of the user namespace, and as such
if having CAP_SYS_PTRACE in the user namespace should allow
tracing the executable. If not update mm->user_ns to
the parent user namespace until an appropriate parent is found.
Reported-by: Jann Horn <jann@thejh.net>
Fixes: 9e4a36ece652 ("userns: Fail exec for suid and sgid binaries with ids outside our user namespace.")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/exec.c | 20 ++++++++++++++++++--
include/linux/capability.h | 1 +
kernel/capability.c | 16 ++++++++++++++--
3 files changed, 33 insertions(+), 4 deletions(-)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,6 +56,7 @@
#include <linux/pipe_fs_i.h>
#include <linux/oom.h>
#include <linux/compat.h>
+#include <linux/user_namespace.h>
#include <asm/uaccess.h>
#include <asm/mmu_context.h>
@@ -1130,8 +1131,22 @@ EXPORT_SYMBOL(flush_old_exec);
void would_dump(struct linux_binprm *bprm, struct file *file)
{
- if (inode_permission(file_inode(file), MAY_READ) < 0)
+ struct inode *inode = file_inode(file);
+ if (inode_permission(inode, MAY_READ) < 0) {
+ struct user_namespace *old, *user_ns;
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+
+ /* Ensure mm->user_ns contains the executable */
+ user_ns = old = bprm->mm->user_ns;
+ while ((user_ns != &init_user_ns) &&
+ !privileged_wrt_inode_uidgid(user_ns, inode))
+ user_ns = user_ns->parent;
+
+ if (old != user_ns) {
+ bprm->mm->user_ns = get_user_ns(user_ns);
+ put_user_ns(old);
+ }
+ }
}
EXPORT_SYMBOL(would_dump);
@@ -1161,7 +1176,6 @@ void setup_new_exec(struct linux_binprm
!gid_eq(bprm->cred->gid, current_egid())) {
current->pdeath_signal = 0;
} else {
- would_dump(bprm, bprm->file);
if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
set_dumpable(current->mm, suid_dumpable);
}
@@ -1593,6 +1607,8 @@ static int do_execveat_common(int fd, st
if (retval < 0)
goto out;
+ would_dump(bprm, bprm->file);
+
retval = exec_binprm(bprm);
if (retval < 0)
goto out;
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -247,6 +247,7 @@ static inline bool ns_capable_noaudit(st
return true;
}
#endif /* CONFIG_MULTIUSER */
+extern bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode);
extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap);
extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
extern bool ptracer_capable(struct task_struct *tsk, struct user_namespace *ns);
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -457,6 +457,19 @@ bool file_ns_capable(const struct file *
EXPORT_SYMBOL(file_ns_capable);
/**
+ * privileged_wrt_inode_uidgid - Do capabilities in the namespace work over the inode?
+ * @ns: The user namespace in question
+ * @inode: The inode in question
+ *
+ * Return true if the inode uid and gid are within the namespace.
+ */
+bool privileged_wrt_inode_uidgid(struct user_namespace *ns, const struct inode *inode)
+{
+ return kuid_has_mapping(ns, inode->i_uid) &&
+ kgid_has_mapping(ns, inode->i_gid);
+}
+
+/**
* capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped
* @inode: The inode in question
* @cap: The capability in question
@@ -469,8 +482,7 @@ bool capable_wrt_inode_uidgid(const stru
{
struct user_namespace *ns = current_user_ns();
- return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid) &&
- kgid_has_mapping(ns, inode->i_gid);
+ return ns_capable(ns, cap) && privileged_wrt_inode_uidgid(ns, inode);
}
EXPORT_SYMBOL(capable_wrt_inode_uidgid);
Patches currently in stable-queue which might be from ebiederm@xmission.com are
queue-4.4/mm-add-a-user_ns-owner-to-mm_struct-and-fix-ptrace-permission-checks.patch
queue-4.4/exec-ensure-mm-user_ns-contains-the-execed-files.patch
queue-4.4/ptrace-capture-the-ptracer-s-creds-not-pt_ptrace_cap.patch
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-01-04 22:00 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-01-04 10:05 Patch "exec: Ensure mm->user_ns contains the execed files" has been added to the 4.4-stable tree gregkh
2017-01-04 10:32 ` Greg KH
2017-01-04 10:58 ` Greg KH
2017-01-04 20:51 ` Eric W. Biederman
2017-01-04 21:12 ` Greg KH
2017-01-04 10:57 gregkh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.