touch-packages team mailing list archive
Message #113218
[Bug 1509752] [NEW] Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
Public bug reported:
This bug/limitation is present in lxc from 1.0.7-0ubuntu0.5 through
1.0.7-0ubuntu0.9 (or anything that incorporates
0003-CVE-2015-1335.patch). Basically, the limitation is obvious when
using recursive bind mounts because ensure_not_symlink() only checks the
last line of /proc/self/mountinfo which will be a submount so will
always fail the test and trigger:
ensure_not_symlink: 1413 Mount onto /usr/lib/x86_64-linux-gnu/lxc/storage resulted in /usr/lib/x86_64-linux-gnu/lxc/storage/submount, not /usr/lib/x86_64-linux-gnu/lxc/storage
Sorry if this is a duplicate, I did spend quite some time trying to find
a similar report.
Thanks!
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1509752
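Added example (not part of the original report and not lxc's own code): a small C program over a constructed mountinfo sample, showing why comparing only the last line misreports a recursive bind mount whose submount is listed after the target. The function names, the device numbers and the /srv/storage source path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define TARGET "/usr/lib/x86_64-linux-gnu/lxc/storage"
/* Constructed mountinfo sample: a recursive bind mount adds the target
 * and then its submount, so the submount is the last line. */
static const char *SAMPLE =
    "24 0 8:1 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "90 24 8:1 /srv/storage " TARGET " rw - ext4 /dev/sda1 rw\n"
    "91 90 8:2 / " TARGET "/submount rw - ext4 /dev/sdb1 rw\n";

/* Copy field 5 (the mount point) of one mountinfo line into out. */
static int mount_point(const char *line, size_t len, char *out, size_t outsz)
{
    const char *end = line + len, *p = line, *q;
    for (int field = 1; field < 5 && p; field++) {
        p = memchr(p, ' ', (size_t)(end - p));
        if (p) p++;
    }
    if (!p) return -1;
    q = memchr(p, ' ', (size_t)(end - p));
    size_t n = (size_t)((q ? q : end) - p);
    if (n >= outsz) return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* Returns 1 if target is a mount point in info. With last_only set, only
 * the final line decides, which is the behaviour the report describes. */
int target_mounted(const char *info, const char *target, int last_only)
{
    char mp[4096];
    int found = 0;
    while (*info) {
        const char *nl = strchr(info, '\n');
        size_t len = nl ? (size_t)(nl - info) : strlen(info);
        int match = mount_point(info, len, mp, sizeof(mp)) == 0 &&
                    strcmp(mp, target) == 0;
        found = last_only ? match : (found || match);
        info += len + (nl ? 1 : 0);
    }
    return found;
}

int main(void)
{
    printf("last line only: %d, all entries: %d\n",
           target_mounted(SAMPLE, TARGET, 1), target_mounted(SAMPLE, TARGET, 0));
    return 0;
}
```

Matching any entry only illustrates the misfire and is not the change made in lxc; mount points containing escapes such as \040 are compared undecoded here.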
Follow ups
-
[Bug 1509752] Update Released
From: Stéphane Graber, 2015-11-09
-
[Bug 1509752] Re: Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Launchpad Bug Tracker, 2015-11-09
-
[Bug 1509752] Re: Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Stéphane Graber, 2015-11-09
-
[Bug 1509752] Re: Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Steve, 2015-11-06
-
[Bug 1509752] Re: Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Stéphane Graber, 2015-11-03
-
[Bug 1509752] Re: Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Serge Hallyn, 2015-10-28
-
[Bug 1509752] Re: Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Serge Hallyn, 2015-10-28
-
[Bug 1509752] Re: Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Serge Hallyn, 2015-10-28
-
[Bug 1509752] Re: Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Serge Hallyn, 2015-10-28
-
[Bug 1509752] Re: Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Serge Hallyn, 2015-10-28
-
[Bug 1509752] Re: Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Serge Hallyn, 2015-10-27
-
Re: [Bug 1509752] [NEW] Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
From: Serge Hallyn, 2015-10-27