[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 442-1] lxc security update

Package        : lxc
Version        : 0.7.2-1+deb6u1
CVE ID         : CVE-2013-6441 CVE-2015-1335
Debian Bug     : #800471

Brief introduction 


    The template script lxc-sshd used to mount itself as /sbin/init in the
    container using a writable bind-mount.

    This update resolved the above issue by using a read-only bind-mount
    instead preventing any form of potentially accidental damage.


    On container startup, lxc sets up the container's initial file system
    tree by doing a bunch of mounting, guided by the container's configuration

    The container config is owned by the admin or user on the host, so we
    do not try to guard against bad entries. However, since the mount
    target is in the container, it's possible that the container admin
    could divert the mount with symbolic links. This could bypass proper
    container startup (i.e. confinement of a root-owned container by the
    restrictive apparmor policy, by diverting the required write to
    /proc/self/attr/current), or bypass the (path-based) apparmor policy
    by diverting, say, /proc to /mnt in the container.

    This update implements a safe_mount() function that prevents lxc from
    doing mounts onto symbolic links.

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: signature.asc
Description: Digital signature

Reply to: