[lxc-devel] [lxc/lxc] c905f0: CVE-2017-5985: Ensure target netns is caller-owned

GitHub noreply at github.com
Thu Mar 9 16:33:14 UTC 2017


  Branch: refs/heads/stable-1.0
  Home:   https://github.com/lxc/lxc
  Commit: c905f00ad78b78a5e9c0d67504b86e00dfe085ec
      https://github.com/lxc/lxc/commit/c905f00ad78b78a5e9c0d67504b86e00dfe085ec
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-03-07 (Tue, 07 Mar 2017)

  Changed paths:
    M src/lxc/lxc_user_nic.c

  Log Message:
  -----------
  CVE-2017-5985: Ensure target netns is caller-owned

Before this commit, lxc-user-nic could potentially have been tricked into
operating on a network namespace over which the caller did not hold privilege.

This commit ensures that the caller is privileged over the network namespace by
temporarily dropping privilege.

Launchpad: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
Reported-by: Jann Horn <jannh at google.com>
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>



