Escape from a bind mount

Jann Horn jann at thejh.net
Thu Sep 22 14:34:21 UTC 2016


On Thu, Sep 22, 2016 at 04:23:11PM +0200, Gandalf Corvotempesta wrote:
> 2016-09-22 15:48 GMT+02:00 Jann Horn <jann at thejh.net>:
> > It shouldn't be possible to escape from bind mounts anymore. That was a
> > bug, and it was fixed.
> > Where do the docs mention this? We should probably ask them to fix that.
> 
> Is this also backported to older kernel versions? From which kernel
> version is fixed ?

$ git describe --contains 397d425d
v4.3-rc1~66^2

It was fixed in kernel 4.3.

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs%2Ftags%2Fv4.1.33&qt=grep&q=vfs%3A+Test+for+and+handle+paths+that+are+unreachable+from+their+mnt_root
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs/tags/v3.18.42&qt=grep&q=vfs%3A+Test+for+and+handle+paths+that+are+unreachable+from+their+mnt_root
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs/tags/v3.16.37&qt=grep&q=vfs%3A+Test+for+and+handle+paths+that+are+unreachable+from+their+mnt_root
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs/tags/v3.14.79&qt=grep&q=vfs%3A+Test+for+and+handle+paths+that+are+unreachable+from+their+mnt_root
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs/tags/v3.12.63&qt=grep&q=vfs%3A+Test+for+and+handle+paths+that+are+unreachable+from+their+mnt_root
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs/tags/v3.10.103&qt=grep&q=vfs%3A+Test+for+and+handle+paths+that+are+unreachable+from+their+mnt_root
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs/tags/v3.4.112&qt=grep&q=vfs%3A+Test+for+and+handle+paths+that+are+unreachable+from+their+mnt_root
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs/tags/v3.2.82&qt=grep&q=vfs%3A+Test+for+and+handle+paths+that+are+unreachable+from+their+mnt_root

The fix was backported to all longterm stable kernels listed at https://kernel.org/.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/containers/attachments/20160922/5c4733a3/attachment-0001.sig>


More information about the Containers mailing list