Comment 10 for bug 1643734

Alexander Larsson (alexlarsson) wrote :

There is no easy way to test the CVE without changes to bwrap, because it involves ptracing the process tree while racing startup. When I tested the fix, I inserted a sleep in the code and attached to it with strace to verify that it was possible to ptrace at that point. You can test it in a similar way, I guess.

But basically, with 0.1.5 you should not be able to ptrace the setup code at all, even when using user namespaces (--unshare-user), and thus you can't hijack the code to make it do something weird.
Additionally, even if you were to ptrace the unprivileged part of the setup code, you now can't ask for a hostname change unless a namespace for that was requested, so it's even harder to test the CVE...