xenbits.xensource.com Git - libvirt.git/commit

]> xenbits.xensource.com Git - libvirt.git/commit

author	Eric Blake <eblake@redhat.com>
	Tue, 24 Dec 2013 05:55:51 +0000 (22:55 -0700)
committer	Daniel P. Berrange <berrange@redhat.com>
	Tue, 18 Feb 2014 12:59:02 +0000 (12:59 +0000)
commit	aebbcdd33c8c18891f0bdbbf8924599a28152c9c
tree	11f8bac649d2e88692c2e09e75b7f800eebda899	tree
parent	7c72ef6f555f1f9844d51be2f38f078bc908652c	commit \| diff

CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code

Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and
lxcDomainReboot. Otherwise, a malicious guest could use symlinks
to force the host to manipulate the wrong file in the host's namespace.

Idea by Dan Berrange, based on an initial report by Reco
<recoverym4n@gmail.com> at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

Signed-off-by: Eric Blake <eblake@redhat.com>

src/lxc/lxc_driver.c		diff \| blob \| blame \| history
src/util/virinitctl.c		diff \| blob \| blame \| history
src/util/virinitctl.h		diff \| blob \| blame \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom