Alon Zahavi writes:
Just funny, just hours before this mail I got 3 mails on different
overlayfs copy-up vuln, e.g.
"""
The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release
** Changed in: linux (Ubuntu Precise)
Status: New => Won't Fix
--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1534961
"""
...
[Bug 1534961] Re: CVE-2016-1575
[Bug 1547400] Re: CVE-2016-2853
[Bug 1535150] Re: CVE-2016-1576
So it is 5 years and not so much changed :-)
Overlayfs and alike where lower privileged user can simultaneously
access lower/upper AND the mounted file system is extremely dangerous
and prone to so many vulns, that nobody should use/allow that.
hd