git.ipfire.org Git - thirdparty/lxc.git/commit
CVE-2017-5985: Ensure target netns is caller-owned stable-1.1
author Christian Brauner <christian.brauner@ubuntu.com>
Sat, 11 Feb 2017 12:27:06 +0000 (13:27 +0100)
committer Stéphane Graber <stgraber@ubuntu.com>
Tue, 7 Mar 2017 19:30:25 +0000 (14:30 -0500)
commit 7e678d3d2a297abe8a6e2d673a7ada3994ebe4e5
tree ce30eb61bbdd3b1ab3ff3bd37edf14189ef2b883
parent ce4f39c953729be57d2c1d41c4e27eaeb7fd365d
CVE-2017-5985: Ensure target netns is caller-owned

Before this commit, lxc-user-nic could potentially have been tricked into
operating on a network namespace over which the caller did not hold privilege.

This commit ensures that the caller is privileged over the network namespace by
temporarily dropping privilege.

Launchpad: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/lxc_user_nic.c