[lxc-devel] [lxc/lxc] 72cf81: CVE-2015-1331: lxclock: use /run/lxc/lock rather t...
    GitHub 
    noreply at github.com
       
    Wed Jul 22 14:10:38 UTC 2015
    
    
  
  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 72cf81f6a3404e35028567db2c99a90406e9c6e6
      https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-07-22 (Wed, 22 Jul 2015)
  Changed paths:
    M src/lxc/lxclock.c
    M src/tests/locktests.c
  Log Message:
  -----------
  CVE-2015-1331: lxclock: use /run/lxc/lock rather than /run/lock/lxc
This prevents an unprivileged user from using LXC to create arbitrary files
on the filesystem.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
  Commit: 5c3fcae78b63ac9dd56e36075903921bd9461f9e
      https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2015-07-22 (Wed, 22 Jul 2015)
  Changed paths:
    M src/lxc/attach.c
  Log Message:
  -----------
  CVE-2015-1334: Don't use the container's /proc during attach
A user could otherwise over-mount /proc and prevent the apparmor profile
or selinux label from being written, which, combined with a modified
/bin/sh or other commonly used binary, would lead to unconfined code
execution.
Reported-by: Roman Fiedler
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/f52c0d2677e3...5c3fcae78b63
    
    