Kernel log message corruption due to incomplete /proc separation
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
lxc (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
Binary package hint: lxc
When using LXC (linux containers), /proc/kmsg can be read in guest systems in their filtered view of /proc. This special file should never be present in guest systems, and if created within a guest system, it should be effectively using /dev/null as it's source. The effect of this bug ranges from simply annoying to potentially a security issue in that kernel messages are allowed to be destroyed and never fully logged on the host system, which could be used to cover evidence of some sort of attack on the system.
I'm adding the kernel team as well, as this could be an issue inside the kernel. I'm not sure if /proc filtration happens there or in the context of the lxc userland utilities.
Changed in lxc (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
Changed in lxc (Ubuntu): | |
importance: | Wishlist → Medium |
Changed in lxc (Ubuntu): | |
importance: | Medium → High |
Changed in lxc (Ubuntu): | |
status: | Triaged → Confirmed |
Changed in linux (Ubuntu): | |
status: | Triaged → Incomplete |
status: | Incomplete → Confirmed |
Changed in lxc (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in linux (Ubuntu): | |
status: | Confirmed → Fix Committed |
Changed in linux (Ubuntu): | |
status: | Fix Committed → Fix Released |
I should note that this is in Karmic, fully updated as of 05:19 on 26-Oct-2009, EDT (GMT-0400).