Lack of privilege checking in do_write_pids
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxcfs (Ubuntu) | Fix Released | Undecided | Unassigned |
Vivid | Fix Released | Undecided | Unassigned |
Wily | Fix Released | Undecided | Unassigned |
Xenial | Fix Released | Undecided | Unassigned |
Bug Description
cd /var/lib/
echo 1 > tasks
In cgmanager, the equivalent action would check for the calling uid's privilege over the target pid's uid. However lxcfs fails to do such a check. Therefore any user only needs write access to the tasks file, and then can move any pid which it can address into the cgroup owning that tasks file.
lxcfs needs to, for each pid, check that the calling uid has the privilege to move the target uid. i.e.:
* they are the same task
* they are owned by the same uid
* @r is root on the host, or
* @v's uid is mapped into @r's where @r is root.
(copied from the function implementing this for cgmanager).
Note, cgmanager does not do this check for us because we make the cgmanager request as root on the host.
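The four conditions listed above, written out as an added C example; this is not lxcfs or cgmanager code. The names `may_move_pid` and `hostuid_to_ns` and the two uid maps are hypothetical and constructed for illustration; a real implementation would read the uids from `/proc/<pid>/status` and the requestor's map from `/proc/<pid>/uid_map`.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed sample maps in /proc/<pid>/uid_map format: ns_start host_start count */
static const char HOST_MAP[] = "0 0 4294967295\n";      /* initial user namespace */
static const char CONTAINER_MAP[] = "0 100000 65536\n"; /* unprivileged container */

/* Translate a host uid into the namespace described by uid_map.
 * Returns the uid as seen inside that namespace, or -1 if it is unmapped. */
static long hostuid_to_ns(uid_t host_uid, const char *uid_map)
{
	unsigned long ns, host, count;
	int used;

	while (sscanf(uid_map, " %lu %lu %lu%n", &ns, &host, &count, &used) == 3) {
		if (host_uid >= host && host_uid - host < count)
			return (long)(ns + (host_uid - host));
		uid_map += used;
	}
	return -1;
}

/* Hypothetical helper: may requestor r move victim v into a cgroup?
 * r_uid and v_uid are host uids; r_uid_map is the uid_map of r's namespace. */
static bool may_move_pid(pid_t r, uid_t r_uid, const char *r_uid_map,
			 pid_t v, uid_t v_uid)
{
	if (r == v)             /* they are the same task */
		return true;
	if (r_uid == v_uid)     /* they are owned by the same uid */
		return true;
	if (r_uid == 0)         /* r is root on the host */
		return true;
	/* r is root in its namespace and v's uid is mapped into it */
	if (hostuid_to_ns(r_uid, r_uid_map) == 0 &&
	    hostuid_to_ns(v_uid, r_uid_map) != -1)
		return true;
	return false;
}

int main(void)
{
	/* Host uid 1000 with write access to a tasks file, targeting a root-owned pid */
	printf("uid 1000 -> pid 1: %d\n", may_move_pid(4242, 1000, HOST_MAP, 1, 0));
	/* Container root (host uid 100000) targeting a task owned inside its own map */
	printf("ct root -> ct task: %d\n", may_move_pid(4242, 100000, CONTAINER_MAP, 4300, 100033));
	return 0;
}
```

The check has to run once per pid written to the tasks file, with the requestor's credentials taken from the caller of the write rather than from the lxcfs daemon itself.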
information type: Private Security → Public Security
tags: added: patch
This is CVE-2015-1344