The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction
2025-06-26近期 Ubuntu 實作了新的沙盒機制來減少攻擊面,然而其乍看之下堅不可摧,但經過研究後發現,繞過方式並沒有想像中那麼困難!本文將介紹我們如何從核心層級著手找出繞過方法,並分享研究過程中遇到的一些有趣故事。
作者文章
The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction
2025-06-26Recently, Ubuntu introduced sandbox mechanisms to reduce the attack surface, and they seemed unbreakable. However, after carrying out in-depth research, we found that the implementation contained some issues, and bypassing it was not as difficult as expected. This post will explain how we began our research at the kernel level and discovered a bypass method. We will also share some interesting stories from the process.