We’re excited about the upcoming Ubuntu 24.04 LTS release, Noble Numbat. Like all Ubuntu releases, Ubuntu 24.04 LTS comes with 5 years of free security maintenance for the main repository. Support can be expanded for an extra 5 years, and to include the universe repository, via Ubuntu Pro. Organisations looking to keep their systems secu […]| Ubuntu
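English Version, Chinese Version. Recently, Ubuntu implemented a new sandbox mechanism to reduce the attack surface. At first glance it appears impregnable, but after researching it we found that bypassing it is not as difficult as one might imagine! This article describes how we started at the kernel level to find a bypass, and shares some interesting stories we encountered during the research. 1. Introduction 1.1. Ubuntu’s New Sandbox Model For a long time, Linux has provided the Unprivileged User Namespace mechanism, which lets users...| DEVCORE 戴夫寇爾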
Recently, Ubuntu introduced sandbox mechanisms to reduce the attack surface, and they seemed unbreakable. However, after carrying out in-depth research, we found that the implementation contained some issues, and bypassing it was not as difficult as expected. This post will explain how we began our research at the kernel level and discovered a bypass method. We will also share some interesting stories from the process.| DEVCORE 戴夫寇爾
Understanding the AppArmor user namespace restriction feature Ubuntu 23.10 and 24.04 LTS introduced new AppArmor-based features to reduce the attack surface presented by unprivileged user namespaces in the Linux kernel. Unprivileged user namespaces are a feature in the Linux kernel that was introduced in order to provide additional sandboxing functionality for programs such as container runtimes; it enables unprivileged users to gain administrator (root) permissions within a confined environm...| Ubuntu Community Hub