Bug#655385: [squeeze openvz] "Cannot allocate memory" when doing "cat /proc/self/mountinfo" inside a vm
Michael Renner <michael.renner@amd.co.at> [120702]:
> On Jun 28, 2012, at 7:18 , Ola Lundqvist wrote:
>
> > I do not know if there is much point in that. We can do that of course
> > but as we soon have a new release without those kernels I do not
> > really see the benefit of doing so.
>
>
> As long as the Debian Squeeze kernels are actively maintained, serious
> regressions and/or security issues within OpenVZ should be addressed
> as well. I don't care about small functionality issues since most of
> the OpenVZ users are accustomed to them by now, but if something
> breaks this needs to be addressed.
I am affected by that bug, as updatedb crashes inside a VZ:
=================================================
101# cat /proc/self/mountinfo
cat: /proc/self/mountinfo: Cannot allocate memory
=================================================
> If you don't do this, please drop the kernels altogether so that
> people can build an alternate repository and don't get led into the
> false assumption that Debian is taking care of them. The half-assed
> approach you propose is hurting more than it helps.
>
>
> Rationale:
>
> * The bug can lead to easy denial of service attacks from unprivileged
> users within containers
> * The (unverified?) fix for this bug is a 4 line diff.
> * Wheezy Puppet includes code that reads /proc/self/mountinfo causing
> puppet-managed Wheezy containers on Squeeze OpenVZ hosts to exhibit
> the DoS scenario outlined above.
The patch is an attachment to the archives of the openvz users mailing list.
Can someone fix that?
--
Benjamin Henrion <bhenrion@ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403