Bug#777649: cgmanager security update for jessie

[Niels Thykier <niels@thykier.net>]

Control: tags -1 moreinfo

On 2015-02-11 05:36, Serge Hallyn wrote:
> Package: release.debian.org
> Usertags: jessie-pu
> 
> A security issue was found in cgmanager, allowing root-owned privileged
> containers to fully administer cgroups on the host.  Two other issues
> were found which allow cgmanager to be crashed by unprivileged users.
> These have all been fixed in sid. The debdiff below, against the current
> jessie package, fixes them for jessie.
> 
> debdiff:
> 
> [...]
> + 
> ++	// Make sure target cgroup is under proxy's
> ++	int plen = strlen(pcgpath);
> ++	if (strncmp(pcgpath, path, plen) != 0) {
> ++		nih_error("%s: target cgroup is not below r (%d)'s", __func__,
> ++			r.pid);
> ++		return -1;
> ++	}
> ++
> [...]

Hi,

Is this truly a sufficient test?  The above only tests that pcgpath is a
prefix of path.  I do not know exactly what these paths are, so I have
to ask.

Consider:

  pcgpath = "root"
  pcpgpath = "root-acually-not-really"
  plen = strlen(pcgpath) (= 4)

So if only the first plen characters match, they will be considered
equal.  If you know, cases like this cannot happen, then it is fine.  I
just wanted to double check.

Thanks,
~Niels