MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
access
Search

Bypassing Ubuntu's user-namespace restrictions

Thursday March 27, 2025. 09:51 PM , from LWN.net
Ubuntu 23.10 and 24.04 LTS introduced a feature using AppArmor to
restrict access to user namespaces. Qualys has reported
three ways to bypass AppArmor's restrictions and enable local users to
gain full administrative capabilities within a user namespace. Ubuntu
has followed up with a post
that explains the namespace-restriction feature in detail, and says
these bypasses do not constitute security vulnerabilities.

While a superficial observation of the application of user namespaces may indicate privileged (root level) access, this is a fictitious state that is operating as expected, with access control still mapped to the real (root namespace) user's permissions. As such, these bypasses do not enable more access than what the default Linux kernel
unprivileged user namespace feature allows in most Linux
distributions. They do, however, demonstrate limitations that we are
looking to address in order to strengthen existing protections against
as-of-yet-unknown Linux kernel vulnerabilities.

LWN covered Ubuntu 24.04 LTS last May.
Read more at LWN.net
https://lwn.net/Articles/1015649/

Related News

access Ubuntu Linux 25.10 will be called Quizzical Quokka and yes that is really the name BetaNewsApr 1
user New Ubuntu Linux Security Bypasses Require Manual Mitigations SlashdotMar 29
namespace Smart TVs Are Employing Screen Monitoring Tech To Harvest User Data SlashdotMar 28
feature Ubuntu 25.04 Beta brings Linux 6.14, GNOME 48, and more to the Plucky Puffin party -- download it now! BetaNewsMar 27
linux Development Release: Ubuntu 25.04 Beta DistroWatchMar 27
restrictions Ubuntu 25.10 plans to swap GNU coreutils for Rust TheRegisterMar 19
ubuntu [$] Oxidizing Ubuntu: adopting Rust utilities by default LWN.netMar 18
bypasses An AI Coding Assistant Refused to Write Code—and Suggested the User Learn to Do It Himself Wired: Tech.Mar 15
these Strava Bans User for Running in North Korea SlashdotMar 14
bypassing AI Coding Assistant Refuses To Write Code, Tells User To Learn Programming Instead SlashdotMar 14
enable User complained his mouse wasn’t working. But he wasn’t using a mouse TheRegisterMar 14
not Ubuntu to replace classic coreutils and more with new Rust-based alternatives OS NewsMar 13
may Notes from setting up GlobalTalk using QEMU on Ubuntu OS NewsMar 11
vulnerabilities Zuckerberg's Meta Considered Sharing User Data with China, Whistleblower Alleges SlashdotMar 10
namespaces Ubuntu 25.04 (Plucky Puffin) progress LWN.netMar 7
access Dynabook’s Portege laptop bets you’ll want a user-replaceable battery PC WorldMar 7
user PC survival skills: 5 things every PC user should know how to do PC WorldMar 7
namespace Broadcom starts beta for VMware Cloud Foundation 9, the release it reckons will douse user anger TheRegisterMar 4
feature Mozilla is under fire for its updated Firefox user agreement ComputerWorldMar 3
linux Flathub safety: a layered approach from source to user OS NewsFeb 22
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Apr, Tue 1 - 21:07 CEST