unshare: Operation not permitted - am I safe?
rokcarl opened this issue · comments
I'm on Debian:
$ uname -a
Linux test 4.9.0-11-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11) x86_64 GNU/Linux
If I run the ./lucky0, I get this:
xfrm 3.x - 5.x kernels poc
vitaly [at] duasynt.com
[+] trying to win the race. wait...
[-] unshare: Operation not permitted
This is, if I understand correctly, because I don't have unprivileged user_namespaces enabled.
If I enable them with sysctl -w kernel.unprivileged_userns_clone=1, then I'm able to run the binary.
My assumption is that this system is safe because you need to have admin rights to run sysctl, so at that time the attacker doesn't need to run the exploit. So unless someone accidentally or foolishly enables this, the system is safe?
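A defensive check for the condition described in the post above, as an added example that is not part of the original issue or of the PoC's repository: it reports whether unprivileged user namespaces are blocked right now and whether any persisted sysctl file would turn the Debian setting back on at the next boot. The function names and the optional root-directory argument (for auditing a mounted or copied filesystem tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the unprivileged user namespace restriction.
# The optional argument is a filesystem root to inspect; empty = live system.

# Print "disabled" if a sysctl blocks unprivileged user namespaces,
# "enabled" if neither sysctl blocks them, "unknown" if neither knob exists.
userns_runtime_state() {
    root="${1:-}"
    clone="$root/proc/sys/kernel/unprivileged_userns_clone"  # Debian-specific knob
    max="$root/proc/sys/user/max_user_namespaces"            # upstream limit, 4.9+
    # A limit of 0 forbids creating user namespaces regardless of the Debian knob.
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then
        echo disabled; return 0
    fi
    if [ -r "$clone" ]; then
        if [ "$(cat "$clone")" = "0" ]; then echo disabled; else echo enabled; fi
        return 0
    fi
    if [ -r "$max" ]; then echo enabled; else echo unknown; fi
}

# Print file:line:text for every persisted, uncommented sysctl line that sets
# the Debian knob to a non-zero value. Any hit deserves review, because
# sysctl files are applied at boot and can silently undo the runtime setting.
userns_persisted_enablers() {
    root="${1:-}"
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf \
             "$root"/usr/lib/sysctl.d/*.conf "$root"/run/sysctl.d/*.conf; do
        [ -f "$f" ] || continue   # skips unmatched globs and missing files
        grep -HnE \
          '^[[:space:]]*-?kernel[./]unprivileged_userns_clone[[:space:]]*=[[:space:]]*[1-9]' \
          "$f" || true
    done
    return 0
}

# Report for the live system when the script is run directly.
echo "runtime state: $(userns_runtime_state)"
userns_persisted_enablers
```

The persisted-file check flags any enabling line rather than resolving which file wins at boot, so a hit means the configuration should be read by hand.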