oss-sec mailing list archives

Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up

From: halfdog <me () halfdog net>
Date: Mon, 18 Oct 2021 17:52:51 +0000

Alon Zahavi writes:


After disclosing the issue with the linux-distros mailing list,
I am reporting the security issue publicly to here. There is
no patch available and may not be available for a long time
because the kernel can't enforce the mitigation proposed, as
that would be a layering violation and could also possibly
cause a regression. This vulnerability was attached with
CVE-2021-3847. Here is the report that was initially sent:
...


Just funny, just hours before this mail I got 3 mails on different
overlayfs copy-up vuln, e.g.

"""
The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release

** Changed in: linux (Ubuntu Precise)
       Status: New => Won't Fix

-- 
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1534961
"""
...

[Bug 1534961] Re: CVE-2016-1575
[Bug 1547400] Re: CVE-2016-2853
[Bug 1535150] Re: CVE-2016-1576

So it is 5 years and not so much changed :-)

Overlayfs and alike where lower privileged user can simultaneously
access lower/upper AND the mounted file system is extremely dangerous
and prone to so many vulns, that nobody should use/allow that.

hd

Current thread:

CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Alon Zahavi (Oct 14)
- Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up halfdog (Oct 18)
- Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Miklos Szeredi (Oct 19)
  - Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Thadeu Lima de Souza Cascardo (Oct 19)
    - Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up Miklos Szeredi (Oct 20)