monitor.h \
namespace.h \
raw_syscalls.h \
+ rexec.h \
start.h \
state.h \
storage/btrfs.h \
endif
if ENFORCE_MEMFD_REXEC
-liblxc_la_SOURCES += rexec.c
+liblxc_la_SOURCES += rexec.c rexec.h
endif
AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
if ENABLE_TOOLS
lxc_attach_SOURCES = tools/lxc_attach.c \
+ rexec.c rexec.h \
tools/arguments.c tools/arguments.h
lxc_autostart_SOURCES = tools/lxc_autostart.c \
tools/arguments.c tools/arguments.h
errno = saved_errno;
}
-static int lxc_rexec(const char *memfd_name)
+int lxc_rexec(const char *memfd_name)
{
int ret;
char **argv = NULL, **envp = NULL;
*/
__attribute__((constructor)) static void liblxc_rexec(void)
{
- if (lxc_rexec("liblxc")) {
+ if (getenv("LXC_MEMFD_REXEC") && lxc_rexec("liblxc")) {
fprintf(stderr, "Failed to re-execute liblxc via memory file descriptor\n");
_exit(EXIT_FAILURE);
}
--- /dev/null
+/* liblxcapi
+ *
+ * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
+ * Copyright © 2019 Canonical Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __LXC_REXEC_H
+#define __LXC_REXEC_H
+
+extern int lxc_rexec(const char *memfd_name);
+
+#endif /* __LXC_REXEC_H */
#include "config.h"
#include "confile.h"
#include "log.h"
+#include "rexec.h"
#include "utils.h"
lxc_log_define(lxc_attach, lxc);
+/**
+ * This function will copy any binary that calls liblxc into a memory file and
+ * will use the memfd to rexecute the binary. This is done to prevent attacks
+ * through the /proc/self/exe symlink to corrupt the host binary when host and
+ * container are in the same user namespace or have set up an identity id
+ * mapping: CVE-2019-5736.
+ */
+#ifdef ENFORCE_MEMFD_REXEC
+__attribute__((constructor)) static void lxc_attach_rexec(void)
+{
+ if (!getenv("LXC_MEMFD_REXEC") && lxc_rexec("lxc-attach")) {
+ fprintf(stderr, "Failed to re-execute lxc-attach via memory file descriptor\n");
+ _exit(EXIT_FAILURE);
+ }
+}
+#endif
+
static int my_parser(struct lxc_arguments *args, int c, char *arg);
static int add_to_simple_array(char ***array, ssize_t *capacity, char *value);
static bool stdfd_is_pty(void);
projects / thirdparty / lxc.git / commitdiff
