ecryptfs-utils: privilege escalation

2016-01-25T00:00:00
ID ASA-201601-25
Type archlinux
Reporter Arch Linux
Modified 2016-01-25T00:00:00

Description

An unprivileged user can mount an ecryptfs over /proc/$pid because according to stat(), it is a normal directory and owned by the user. However, the user is not actually permitted to create arbitrary directory entries in /proc/$pid, and ecryptfs' behavior might be enabling privilege escalation attacks with the help of other programs that use procfs.