FS#46574 - [lxc][CVE-2015-1335] Container Escape
Attached to Project:
Community Packages
Opened by Christian Rebischke (Shibumi) - Monday, 05 October 2015, 22:51 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 07 October 2015, 14:59 GMT
Details
Description
===========
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a mount target or bind mount source. [1]

Workaround
==========
1. do not allow mounts to paths containing symbolic links
2. do not allow bind mounts from relative paths containing symbolic links. [2]

References
==========
[1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1335
[2] https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d

greetings
Christian Rebischke
(Archlinux CVE Monitoring Team)
Well, without apparmor or SELinux, privileged containers are completely unsafe so while the CVE doesn't apply to that case (because there's no race to be had), your container is completely unsafe by design.
So my question is now: what do we do now? I think we should add this message as a comment to this 'bug' and then mark it as closed, but without the term 'fixed'.