
Surely you need to handle corrupt data anyway

Posted Jun 14, 2023 19:50 UTC (Wed) by SLi (subscriber, #53131)
In reply to: Surely you need to handle corrupt data anyway by bluca
Parent article: Mounting images inside a user namespace

I believe the threat model here was that the unprivileged user attacker controls the disk image and wants to compromise the kernel to elevate privileges. I have a slightly hard time imagining a non-contrived scenario where an attacker would control a disk image yet need to trigger a vulnerability in a process that could run with effectively the same or fewer privileges as the container.



Surely you need to handle corrupt data anyway

Posted Jun 14, 2023 21:05 UTC (Wed) by mb (subscriber, #50428)

> I have a slightly hard time imagining a non-contrived scenario where an attacker would control a disk image yet need to trigger a vulnerability in a process that could run with effectively the same or fewer privileges as the container.

Automount of a USB stick on a screen-locked machine or similar.

