1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
From f267d6668e3a95cb2247accb169cf1bc7f8ffcab Mon Sep 17 00:00:00 2001
From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Date: Wed, 20 Jan 2016 10:53:57 +0000
Subject: [PATCH] mount_proc_if_needed: only safe mount when rootfs is defined
The safe_mount function was introduced in order to address CVE-2015-1335,
one of the vulnerabilities being a mount with a symlink for the
destination path. In scenarios such as lxc-execute with no rootfs, the
destination path is the host /proc, which is previously mounted by the
host, and is unmounted and mounted again in a new set of namespaces,
therefore eliminating the need to check for it being a symlink.
Mount the rootfs normally if the rootfs is NULL, keep the safe mount
only for scenarios where a different rootfs is defined.
Upstream-status: Accepted
[https://github.com/lxc/lxc/commit/f267d6668e3a95cb2247accb169cf1bc7f8ffcab]
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
---
src/lxc/conf.c | 1 +
src/lxc/utils.c | 10 +++++++++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 632dde3..1e30c0c 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3509,6 +3509,7 @@ int ttys_shift_ids(struct lxc_conf *c)
return 0;
}
+/* NOTE: not to be called from inside the container namespace! */
int tmp_proc_mount(struct lxc_conf *lxc_conf)
{
int mounted;
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 4e96a50..0bc7a20 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1704,6 +1704,8 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
*
* Returns < 0 on failure, 0 if the correct proc was already mounted
* and 1 if a new proc was mounted.
+ *
+ * NOTE: not to be called from inside the container namespace!
*/
int mount_proc_if_needed(const char *rootfs)
{
@@ -1737,8 +1739,14 @@ int mount_proc_if_needed(const char *rootfs)
return 0;
domount:
- if (safe_mount("proc", path, "proc", 0, NULL, rootfs) < 0)
+ if (!strcmp(rootfs,"")) /* rootfs is NULL */
+ ret = mount("proc", path, "proc", 0, NULL);
+ else
+ ret = safe_mount("proc", path, "proc", 0, NULL, rootfs);
+
+ if (ret < 0)
return -1;
+
INFO("Mounted /proc in container for security transition");
return 1;
}
--
1.9.1
|
