
Ubuntu’s New Unprivileged User Namespace Feature Comes With New Vulnerabilities

Unprivileged Does Not Generally Imply Full Administrative Rights

Those running Ubuntu 23.10 and newer need to make some changes to their system configuration to deal with serious issues with the new unprivileged user namespaces feature. These namespaces should create an isolated sandbox where a user can be granted any permissions they might need inside that container, such as root, without being granted escalated privileges outside of that namespace. That would be a great feature, if it worked as intended. Unfortunately, the default settings offer three different ways to create a new unprivileged user namespace with full root privileges for the entire system.

The three bypass methods involve aa-exec, busybox, or LD_PRELOAD to create a new namespace with full root access, which can be leveraged to impact parts of the system supposedly walled off from these unprivileged user namespaces. Thankfully, there are ways to mitigate all three vulnerabilities while still maintaining the ability to use this new feature. Bleeping Computer published the four steps you should take, so head over and make sure to apply them.

