[lxc-devel] LXC security issue - affects all supported releases
Thomas Moschny
thomas.moschny at gmail.com
Wed Oct 21 19:18:40 UTC 2015
2015-10-02 15:50 GMT+02:00 Serge Hallyn <serge.hallyn at ubuntu.com>:
> Can you tell me what happens when you do an openat with
> O_PATH? Does it simply return < 0? If so then I think this is all ok.
As far as I can see, it behaves as if O_PATH wasn't given at all - so
it doesn't really make a difference whether one "copies" the value of
O_PATH over from elsewhere, or defines it to 0. Both ways feel hackish
though. The second openat() call in open_if_safe() should fail anyway,
so...
> (since an openat without O_PATH already failed, you shouldn't be allowed
> to mount on it in this case)
... a really clean solution would be to #ifdef that code in
open_if_safe(), so it compiles cleanly.
- Thomas
More information about the lxc-devel
mailing list