There might be a second element involved, I'm currently analyzing it.
Shouldn't it be forbidden (SELinux/Apparmor put aside), to have an UID!=0 process PTRACE another one with UID=0 and not even being parent of it?
I'll try to find out, if this is an LXC-independent namespaces local root privilege escalation.
There might be a second element involved, I'm currently analyzing it.
Shouldn't it be forbidden (SELinux/Apparmor put aside), to have an UID!=0 process PTRACE another one with UID=0 and not even being parent of it?
I'll try to find out, if this is an LXC-independent namespaces local root privilege escalation.