From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linuxfoundation.org ([140.211.169.12]:53891 "EHLO
	mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1758228AbbGHOVc (ORCPT );
	Wed, 8 Jul 2015 10:21:32 -0400
Date: Wed, 8 Jul 2015 07:21:30 -0700
From: Greg KH
To: "Eric W. Biederman"
Cc: stable@vger.kernel.org, stable-commits@vger.kernel.org
Subject: Re: Patch "vfs: Ignore unlocked mounts in fs_fully_visible" has been added to the 3.14-stable tree
Message-ID: <20150708142130.GA10625@kroah.com>
References: <1436340168253173@kroah.com> <874mlebwsj.fsf@x220.int.ebiederm.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <874mlebwsj.fsf@x220.int.ebiederm.org>
Sender: stable-owner@vger.kernel.org
List-ID:

On Wed, Jul 08, 2015 at 08:31:40AM -0500, Eric W. Biederman wrote:
>
> Are:
>
> mnt: Refactor the logic for mounting sysfs and proc in a user namespace 1b852bceb0d111e510d1a15826ecc4a19358d512
> mnt: Modify fs_fully_visible to deal with locked ro nodev and atime 8c6cf9cc829fcd0b179b59f7fe288941d0e31108
>
> coming?
>
> Anyone being able to remove the read-only mount status of
> proc and sysfs is a scary bug. I think I have seen CVE flying

I was going to wait for the next round of stable kernels for these
fixes, I had to draw the line somewhere. I wasn't aware there was a CVE
for this, if you think they should go in now, I'll go add them.

But wasn't there more than just these two? I see a number of patches in
my queue around this area that you were asking to be included in stable
kernels.

thanks,

greg k-h