Almost 40% of #Ubuntu users vulnerable to new privilege elevation flaws
"Both vulnerabilities are unique to Ubuntu kernels since they stemmed from Ubuntu's individual changes to the #OverlayFS module," warned the Wiz researchers. Ubuntu has released a security bulletin about the issues and six more vulnerabilities addressed in the latest version of the Ubuntu #Linuxkernel and has made fixing updates available.
https://www.bleepingcomputer.com/news/security/almost-40-percent-of-ubuntu-users-vulnerable-to-new-privilege-elevation-flaws/ #Linux

KernelSU

KernelSU is a Kernel based root solution for Android devices. It features kernel-based su and root access management as well as a Module system based on overlayfs (similar to Magisk). KernelSU works whitelist-based: Only App that is granted root permission can access su, other apps cannot perceive su.

More Details: https://kernelsu.org/guide/what-is-kernelsu.html

#Android #FOSS #OSS #OpenSource #su #root #Magisk #Google #AndroidRooting #overlayfs #izzyondroid #kernelsu #kernel

Any other Ubuntu users able to replicate a very odd overlayfs bug that doesn't seem to be in the mainline kernel? #kernel #bugreporting #overlayfs

https://askubuntu.com/q/1465289/612

device tree overlay file crashing linux #drivers #kernel #devices #overlayfs #tree

https://askubuntu.com/q/1460457/612

Does anyone know what the workdir parameter for #overlayfs (https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html#directories) mount points in #Linux is for? Most/all examples use it but none actually define what it is for or why it's needed.

Apparently #OverlayFS on #ZFS upperdir or workdir doesn't work anyway, boo. It's been a known issue for at least 5 years. Link to a work around from duplicate bug report: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1873917 #Linux

I'm a RAID noob, but I'm not a fan of striped RAID where file contents are stripped across disks. I only use mirroring (RAID 1); but now trying a union mount. I wish this was part of the RAID spec so I don't have to bash together #OverlayFS + #ZFS and hope for the best. #Linux

@murm https://github.com/ValShaped/rwfus
It was originally meant to create a bunch of systemd *.mount units which would overlay-mount some static mounts, enough to get pacman working for some basic packages (/usr/, /etc/pacman.d/, ...)
But then Valve went and enabled case-folding on new Decks' home partitions, and it needed a more nuanced (read: hacky) approach, because #overlayfs is incompatible with case-folding filesystems

#InfoSec
> #Firejail: #Insecure Use of #OverlayFS as #Sandbox File System
> Firejail is a #SUID security sandbox program that reduces the risk of #security breaches by restricting the running environment of untrusted applications using #Linux #namespaces and #seccomp-#bpf.
> [...] a #RaceCondition [...] allows creation of or granting write access to arbitrary files.
https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/

Finally! I figured out the issues of #wireguard on #Alpine/armv7. whatsoever, this issue seems to be the same as the one on Slackware live.

So the cause seems to be related to diskless features: somewhere in kernel/modules cannot be written to install wg module.

There’s a fantastic workaround by someone on alpine mailing list solved this by mounting modloop as #overlayfs.

Anyway i don’t have time to dig deeper on it but just want to use wg on my local “router” serving my device. addictive!

I got multiple Raspberry Pi 3 booting via network from an OpenWRT router. AMA.

#dhcp #nightmares #dnsmasq #nfs #overlayfs #tmpfs

If you accidentally type in the correct words, it isn't even _that_ hard 😂