Comment 0 for bug 1031311
Revision history for this message
| Pádraig Brady (p-draigbrady) wrote CVE-2012-3361 not fully addressed | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
Unfortunately the patches released for bug 1015531, didn't consider permissions in the guest.
If there is a root only readable directory in the guest containing the dodgy symlinks,
then they will not be detected by _join_and_
Therefore the equivalent of this function needs to run as the root user.
Folsom patch attached.
Diablo & Essex versions would need readlink added to rootwrap