[lxc-devel] [lxc/lxc] 7e678d: CVE-2017-5985: Ensure target netns is caller-owned
GitHub
noreply at github.com
Thu Mar 9 16:33:22 UTC 2017
Branch: refs/heads/stable-1.1
Home: https://github.com/lxc/lxc
Commit: 7e678d3d2a297abe8a6e2d673a7ada3994ebe4e5
https://github.com/lxc/lxc/commit/7e678d3d2a297abe8a6e2d673a7ada3994ebe4e5
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-03-07 (Tue, 07 Mar 2017)
Changed paths:
M src/lxc/lxc_user_nic.c
Log Message:
-----------
CVE-2017-5985: Ensure target netns is caller-owned
Before this commit, lxc-user-nic could potentially have been tricked into
operating on a network namespace over which the caller did not hold privilege.
This commit ensures that the caller is privileged over the network namespace by
temporarily dropping privilege.
Launchpad: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
Reported-by: Jann Horn <jannh at google.com>
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
More information about the lxc-devel
mailing list