| Thread Previous • Date Previous • Date Next • Thread Next |
** Also affects: lxc (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: lxc (Ubuntu Trusty)
Importance: Undecided => High
** Changed in: lxc (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1509752
Title:
Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
Status in lxc package in Ubuntu:
Fix Released
Status in lxc source package in Trusty:
New
Bug description:
This bug/limitation is present in lxc from 1.0.7-0ubuntu0.5 through
1.0.7-0ubuntu0.9 (or anything that incorporates
0003-CVE-2015-1335.patch). Basically, the limitation is obvious when
using recursive bind mounts because ensure_not_symlink() only checks
the last line of /proc/self/mountinfo which will be a submount so will
always fail the test and trigger:
ensure_not_symlink: 1413 Mount onto /usr/lib/x86_64-linux-
gnu/lxc/storage resulted in /usr/lib/x86_64-linux-
gnu/lxc/storage/submount, not /usr/lib/x86_64-linux-gnu/lxc/storage
Sorry if this is a duplicate, I did spend quite some time trying to
find a similar report.
Thanks!
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1509752/+subscriptions
| Thread Previous • Date Previous • Date Next • Thread Next |
