From: Alejandro Colomar <alx.manpages@gmail.com>
To: Helge Kreutzmann <debian@helgefjell.de>
Cc: mario.blaettermann@gmail.com, linux-man@vger.kernel.org
Subject: Re: Issue in man page user_namespaces.7
Date: Sun, 22 Jan 2023 22:16:03 +0100
Message-ID: <4b58c7f4-7b28-4d41-c022-9eebe7742cd9@gmail.com>
In-Reply-To: <20230122193131.GA29187@Debian-50-lenny-64-minimal>
Hi Helge,
On 1/22/23 20:31, Helge Kreutzmann wrote:
> Without further ado, the following was found:
>
> Issue 1: I</proc/ pid /setgroups> → I</proc/>pidI</setgroups>
> Issue 2: I</proc/ pid /gid_map> → I</proc/>pidI</gid_map>
> Issue 3: I</proc/ pid /gid_map> → I</proc/>pidI</gid_map>
>
> "Writing \"I<deny>\" to the I</proc/ pid /setgroups> file before writing to"
> "I</proc/ pid /gid_map> will permanently disable B<setgroups>(2) in a user"
> "namespace and allow writing to I</proc/ pid /gid_map> without having the"
> "B<CAP_SETGID> capability in the parent user namespace."
Fixed.
Thanks,
Alex
commit d752f865c0355435519c41470ad4cf33ae8557ae (HEAD -> master)
Author: Alejandro Colomar <alx@kernel.org>
Date: Sun Jan 22 22:15:17 2023 +0100
user_namespaces.7: ffix
Reported-by: Helge Kreutzmann <debian@helgefjell.de>
Cc: Mario Blaettermann <mario.blaettermann@gmail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7
index 838c09278..73d8a4eb8 100644
--- a/man7/user_namespaces.7
+++ b/man7/user_namespaces.7
@@ -722,9 +722,9 @@ .SS Interaction with system calls that change process UIDs
or GIDs
Writing
.RI \(dq deny \(dq
to the
-.I /proc/ pid /setgroups
+.IR /proc/ pid /setgroups
file before writing to
-.I /proc/ pid /gid_map
+.IR /proc/ pid /gid_map
.\" Things changed in Linux 3.19
.\" commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8
.\" commit 66d2f338ee4c449396b6f99f5e75cd18eb6df272
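Review bot: the replacement is correct and produces exactly what the report asked for. `.I` sets all of its arguments in italic and joins them with spaces, which is where the rendered "/proc/ pid /setgroups" came from, whereas `.IR /proc/ pid /setgroups` alternates italic and roman and concatenates its arguments, giving /proc/ in italic, pid in roman and /setgroups in italic with no spaces, i.e. the I</proc/>pidI</setgroups> form in Helge's message. It is also the same alternating-font idiom already used by `.RI \(dq deny \(dq` two lines above, so the paragraph is consistent. The two `.I` lines changed here plus the one in the next hunk account for the three occurrences listed in the report.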
@@ -732,14 +732,14 @@ .SS Interaction with system calls that change process UIDs
or GIDs
will permanently disable
.BR setgroups (2)
in a user namespace and allow writing to
-.I /proc/ pid /gid_map
+.IR /proc/ pid /gid_map
without having the
.B CAP_SETGID
capability in the parent user namespace.
.\"
.\" ============================================================
.\"
-.SS The /proc/ pid /setgroups file
+.SS The /proc/\fIpid\fP/setgroups file
.\"
.\" commit 9cc46516ddf497ea16e8d7cb986ae03a0f6b92f8
.\" commit 66d2f338ee4c449396b6f99f5e75cd18eb6df272
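Review bot: in the `.SS` line the inline `\fIpid\fP` is the right tool rather than `.IR`, because `.SS` sets its whole argument list as one bold heading joined by spaces, so only an inline font escape can italicise just the variable part; using `\fP` (previous font) rather than `\fR` also keeps the remainder of the heading in the heading font. The emphasis is inverted relative to the body text fixed with `.IR` (heading: path in heading font, pid italic; body: path italic, pid roman), which is the normal heading/body contrast and not a defect. The `.IR /proc/ pid /gid_map` change at the top of this hunk is the same fix as in the previous hunk and needs no further comment.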
@@ -839,7 +839,7 @@ .SS The /proc/ pid /setgroups file
this user namespace.
.PP
The
-.I /proc/ pid /setgroups
+.IR /proc/ pid /setgroups
file was added in Linux 3.19,
but was backported to many earlier stable kernel series,
because it addresses a security issue.
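Review bot: the font fix is fine here too, but the sentence "because it addresses a security issue" leaves a reader of the rendered page without any pointer to what that issue was: the two kernel commits cited next to "Things changed in Linux 3.19" exist only as `.\"` source comments in the earlier hunks, so they never appear in the output. A follow-up could say in the text why setgroups(2) has to be disabled before unprivileged gid_map writes are allowed, which the paragraph in the first hunk already implies (writing "deny" to setgroups is the precondition for writing gid_map without CAP_SETGID). Out of scope for an ffix commit, so not a blocker.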
--
<http://www.alejandro-colomar.es/>