ecryptfs-utils: privilege escalation

ID ASA-201601-25
Type archlinux
Reporter Arch Linux
Modified 2016-01-25T00:00:00


An unprivileged user can mount an ecryptfs over /proc/$pid because according to stat(), it is a normal directory and owned by the user. However, the user is not actually permitted to create arbitrary directory entries in /proc/$pid, and ecryptfs' behavior might be enabling privilege escalation attacks with the help of other programs that use procfs.