Right. We do need answers for abstract domain sockets (though from what
you've mentioned, it sounds like we're mostly there already).
This is more about the CVE that we need to get a set of releases out across
the board.
On Sun, May 7, 2017 at 8:26 AM, Andrew Wilkins <<email address hidden>
> wrote:
> It seems my mention of abstract domain sockets was missed, so I'll
> restate in more detail. This doesn't apply to juju-run, but it does
> apply to jujuc (the hook tools: relation-set, relation-get, etc.). The
> jujuc socket is an abstract domain socket, so it has no relationship to
> the filesystem; abstract domain sockets aren't affected by filesystem
> permissions. I think you have to use SCM_CREDENTIALS to do any kind of
> auth on those. This is technically a different bug I guess, but it would
> be good to at least consider how to fix that at the same time.
>
> Seth: on Windows we use named pipes. We'll need to look at whether it is
> similarly affected, but that shouldn't hold up a fix for Linux. Looking
> at the gopkg.in/natefinch/npipe.v2 package, and the CreateNamedPipe
> docs, it appears that the default security descriptor is being used,
> which will restrict full access to administrators and the creator.
>
> --
> You received this bug notification because you are a bug assignee.
> Matching subscriptions: juju bugs
> https://bugs.launchpad.net/bugs/1682411
>
> Title:
> juju-run unit root escalation vulnerability
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/juju/+bug/1682411/+subscriptions
>
Right. We do need answers for abstract domain sockets (though from what
you've mentioned, it sounds like we're mostly there already).
This is more about the CVE that we need to get a set of releases out across
the board.
On Sun, May 7, 2017 at 8:26 AM, Andrew Wilkins <<email address hidden>
> wrote:
> It seems my mention of abstract domain sockets was missed, so I'll natefinch/ npipe.v2 package, and the CreateNamedPipe /bugs.launchpad .net/bugs/ 1682411 /bugs.launchpad .net/juju/ +bug/1682411/ +subscriptions
> restate in more detail. This doesn't apply to juju-run, but it does
> apply to jujuc (the hook tools: relation-set, relation-get, etc.). The
> jujuc socket is an abstract domain socket, so it has no relationship to
> the filesystem; abstract domain sockets aren't affected by filesystem
> permissions. I think you have to use SCM_CREDENTIALS to do any kind of
> auth on those. This is technically a different bug I guess, but it would
> be good to at least consider how to fix that at the same time.
>
> Seth: on Windows we use named pipes. We'll need to look at whether it is
> similarly affected, but that shouldn't hold up a fix for Linux. Looking
> at the gopkg.in/
> docs, it appears that the default security descriptor is being used,
> which will restrict full access to administrators and the creator.
>
> --
> You received this bug notification because you are a bug assignee.
> Matching subscriptions: juju bugs
> https:/
>
> Title:
> juju-run unit root escalation vulnerability
>
> To manage notifications about this bug go to:
> https:/
>