
13 Oct 2023, 12:54 p.m.
On Fri, 13 Oct 2023 11:03:55 +1300, Peter Reutemann wrote:
https://arstechnica.com/gadgets/2023/10/ubuntu-23-10-is-a-smidge-smaller-a-b...
I followed the link to the Google blog post <https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html> that was supposed to say that 44% of exploit chains now make some use of unprivileged user namespaces, and as far as I can tell, it says no such thing. That particular article talks about a kernel feature called io_uring, for doing high-performance asynchronous I/O. While it has been in the kernel for some years, it is still turning up new security holes for adversaries to exploit. Nothing in there about namespaces at all.