[lxc-devel] [lxc/lxc] d67042: CVE-2016-10124: backport new console backend

GitHub noreply at github.com
Tue Apr 4 18:21:12 UTC 2017


  Branch: refs/heads/stable-1.0
  Home:   https://github.com/lxc/lxc
  Commit: d670421686b5515732dd503d7aa963381a45275e
      https://github.com/lxc/lxc/commit/d670421686b5515732dd503d7aa963381a45275e
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-04-04 (Tue, 04 Apr 2017)

  Changed paths:
    M src/lxc/console.c
    M src/lxc/console.h
    M src/lxc/start.c

  Log Message:
  -----------
  CVE-2016-10124: backport new console backend

- Make escape sequence to exit tty optional since we want to reuse
  lxc_console_cb_tty_stdin() in lxc_attach.c.
- Export the following functions since they can be reused in other modules:
  - lxc_console_cb_tty_stdin()
  - lxc_console_cb_tty_master()
  - lxc_setup_tios(int fd, struct termios *oldtios);
  - lxc_console_winsz(int srcfd, int dstfd);
  - lxc_console_cb_sigwinch_fd(int fd, uint32_t events, void *cbdata, struct lxc_epoll_descr *descr);
  - lxc_tty_state *lxc_console_sigwinch_init(int srcfd, int dstfd);
  - lxc_console_sigwinch_fini(struct lxc_tty_state *ts);
- rewrite lxc_console_set_stdfds()
  - Make lxc_console_set_stdfds usable by other callers that do not have
    access to lxc_handler.
- Use ssh settings for ptys.
- Remove all asserts from console.{c,h}.
- Adapt start.c to changes.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 99e98d9afa2bea1d299859d35f7547ef9e2fabe6
      https://github.com/lxc/lxc/commit/99e98d9afa2bea1d299859d35f7547ef9e2fabe6
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-04-04 (Tue, 04 Apr 2017)

  Changed paths:
    M src/lxc/lxc_attach.c

  Log Message:
  -----------
  CVE-2016-10124: make lxc-attach use a pty

Previous versions of lxc-attach simply attached to the specified namespaces of
a container and ran a shell or the specified command without first allocating a
pseudo terminal. This made them vulnerable to input faking via a TIOCSTI ioctl
call after switching between userspace execution contexts with different
privilege levels. Newer versions of lxc-attach will try to allocate a pseudo
terminal master/slave pair on the host and attach any standard file descriptors
which refer to a terminal to the slave side of the pseudo terminal before
executing a shell or command. Note that if none of the standard file
descriptors refer to a terminal, lxc-attach will not try to allocate a pseudo
terminal. Instead it will simply attach to the container's namespaces and run a
shell or the specified command.

(This is a backport of a series of patches fixing CVE-2016-10124.)

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 6aae6d0231921093f596f1113432c157d2b343f5
      https://github.com/lxc/lxc/commit/6aae6d0231921093f596f1113432c157d2b343f5
  Author: Thomas Jarosch <thomas.jarosch at intra2net.com>
  Date:   2017-04-04 (Tue, 04 Apr 2017)

  Changed paths:
    M src/lxc/console.c

  Log Message:
  -----------
  lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals

Prevent an endless loop while executing lxc-attach in the background:

The kernel might fire SIGTTOU while an ioctl() in tcsetattr()
is executed. When the ioctl() is resumed and retries,
the signal handler interrupts it again.

We can't configure the TTY to stop sending
the signals in the first place since that
is a modification/write to the TTY already.

Still we clear the TOSTOP flag to prevent further signals.

Command to reproduce the hang:
----------------------------
cat > lxc_hang.sh << EOF
/usr/bin/timeout 5s /usr/bin/lxc-attach -n SOMECONTAINER -- /bin/true
EOF
sh lxc_hang.sh    # hangs
----------------------------

Signed-off-by: Thomas Jarosch <thomas.jarosch at intra2net.com>


  Commit: 3196b9acf9659ab39d36faa51f4f380580b6a335
      https://github.com/lxc/lxc/commit/3196b9acf9659ab39d36faa51f4f380580b6a335
  Author: Stéphane Graber <stgraber at stgraber.org>
  Date:   2017-04-04 (Tue, 04 Apr 2017)

  Changed paths:
    M src/lxc/console.c
    M src/lxc/console.h
    M src/lxc/lxc_attach.c
    M src/lxc/start.c

  Log Message:
  -----------
  Merge pull request #1386 from brauner/2017-01-16/fix_CVE-2016-10124_stable-1.0

stable-1.0: backport fixes for CVE-2016-10124


Compare: https://github.com/lxc/lxc/compare/b2ed6cc2e0f9...3196b9acf965

