Mastodawn

N-gated Hacker News Mar 29, 2025

💥🔧 Ubuntu's #unprivileged user namespace restrictions are about as useful as a chocolate teapot, as revealed by three new bypasses. Meanwhile, #security advisories pile up like unread emails, and #Ubuntu users everywhere double down on their favorite pastime: keeping their fingers crossed. 🤞📧
https://seclists.org/oss-sec/2025/q1/253 #Bypass #UserNamespace #Vulnerabilities #HackerNews #ngated

oss-sec: Three bypasses of Ubuntu's unprivileged user namespace restrictions

Hacker News Mar 29, 2025

OSS-SEC: Three bypasses of Ubuntu's unprivileged user namespace restrictions

https://seclists.org/oss-sec/2025/q1/253

#HackerNews #OSSSEC #Ubuntu #Security #Vulnerabilities #UserNamespace #Bypasses #OpenSource

oss-sec: Three bypasses of Ubuntu's unprivileged user namespace restrictions

Axel 🚴😷🐧🐪⌨ | #WeAreNatenom Mar 3, 2025

#TIL: #Firefox on #Linux works fine with

user.max_user_namespaces = 0

as well as with

user.max_user_namespaces = 100

but not with

user.max_user_namespaces = 1

which seems to have been set by default on my #DebianUnstable since last week or so.

Also Firefox' error messages on the shell where I started it weren't really that helpful:

Failed to launch tab subprocess @fork (Error:28): file ipc/[…]
fork() failed: No space left on device: file ipc/[…]

#UserNS #UserNamespace #sysctl