Comment 7 for bug 1592163
Revision history for this message
| Jay Faulkner (jason-oldos) wrote Re: IPA CoreOS Image mounts GPT disks during cleaning | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Upon further investigation; it appears this is not exploitable for RCE:
1) systemd is blocked from completely executing any of these mount units by the ConditionFileEx
HOWEVER, the udev event still triggers the mount job to attempt to start, so it begins starting, is blocked from completing by systemd, and then automatically stopped; summarily unmounting the dir out from under IPA, and since we properly declare dependencies for our chroot environment, systemd enforces those dependencies and stops the IPA chroot.
I believe this downgrade this from a major vulnerability to a very minor DoS vuln at worst.