lxcfs does not properly enforce directory escapes
Bug #1508481 reported by Serge Hallyn
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxcfs (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
lxcfs, like cgmanager, is meant to enforce that a task under cgroup /a/b/c cannot query or update cgroups which are not /a/b/c or its descendants.
Since lxcfs is a filesystem, it makes an exception so that 'ls /a' (really 'ls /var/lib/
This enforcement is not complete. So if you are logged into 5:freezer:
0 ✓ serge@sl ~ $ sudo mkdir /var/lib/
0 ✓ serge@sl ~ $ ls /sys/fs/
cgroup.
DAC permissions still apply, locking unprivileged containers.
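The rule stated in the description (a task under /a/b/c may only reach /a/b/c or its descendants) can be checked on path strings as in the following added example, which is not part of the original report and is not lxcfs's code or its fix. The names `cg_normalize` and `cg_may_access` are hypothetical, the check is purely lexical, and the listing exception for ancestor directories mentioned in the description is not modelled.

```c
#include <stdbool.h>
#include <string.h>

/* Lexically normalize an absolute cgroup path: drop "." and empty components,
 * resolve "..". Fails on relative paths, overflow, or ".." above "/".
 * Hypothetical helper for this example, not an lxcfs function. */
static bool cg_normalize(const char *in, char *out, size_t outsz)
{
    size_t len = 0;

    if (!in || in[0] != '/' || outsz < 2)
        return false;
    while (*in) {
        size_t n = strcspn(in, "/");
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            if (len == 0)
                return false;              /* would escape above the root */
            while (out[--len] != '/')      /* pop the last component */
                ;
        } else if (n > 0 && !(n == 1 && in[0] == '.')) {
            if (len + n + 2 > outsz)       /* '/' + component + NUL must fit */
                return false;
            out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n;
        if (*in == '/')
            in++;
    }
    if (len == 0)
        out[len++] = '/';
    out[len] = '\0';
    return true;
}

/* True only if `requested` is `caller_cg` itself or one of its descendants. */
bool cg_may_access(const char *caller_cg, const char *requested)
{
    char c[4096], r[4096];
    size_t clen;
    if (!cg_normalize(caller_cg, c, sizeof c) || !cg_normalize(requested, r, sizeof r))
        return false;
    clen = strlen(c);
    if (clen == 1)
        return true;                       /* caller lives in the root cgroup */
    /* Prefix must end on a component boundary: "/a/b/c" does not cover "/a/b/cd". */
    return strncmp(r, c, clen) == 0 && (r[clen] == '\0' || r[clen] == '/');
}
```

Comparing normalized paths on a component boundary is what keeps both `..` sequences and sibling names that merely share a prefix from passing the check.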
information type: Private Security → Public Security
This is CVE-2015-1342