From: Philippe Cerfon
Date: Tue, 16 Apr 2024 23:31:43 +0200
To: oss-security@lists.openwall.com
Subject: Re: [oss-security] Linux: Disabling network namespaces

Hey.

There's even an allegedly "wontfix" bug of mine where I requested that Debian switches back to a secure default and disables user namespaces, which have a long history of being exploitable:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012547

Don't think the current hole one will have been the last one.

Unfortunately it seems a feature that only a group of people will need is valued more important than keeping users secure. :-(

Regards,
Philippe