git.ipfire.org Git - thirdparty/lxc.git/commit
CVE-2015-1334: Don't use the container's /proc during attach
author Stéphane Graber <stgraber@ubuntu.com>
Thu, 16 Jul 2015 20:37:51 +0000 (16:37 -0400)
committer Stéphane Graber <stgraber@ubuntu.com>
Wed, 22 Jul 2015 14:10:19 +0000 (10:10 -0400)
commit 5c3fcae78b63ac9dd56e36075903921bd9461f9e
tree a2c77ce262f3322a5275bd2b2fe97e606643ac98
parent 72cf81f6a3404e35028567db2c99a90406e9c6e6
CVE-2015-1334: Don't use the container's /proc during attach

A user could otherwise over-mount /proc and prevent the apparmor profile
or selinux label from being written which combined with a modified
/bin/sh or other commonly used binary would lead to unconfined code
execution.

Reported-by: Roman Fiedler
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
src/lxc/attach.c