CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code
Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and lxcDomainReboot. Otherwise, a malicious guest could use symlinks to force the host to manipulate the wrong file in the host's namespace. Idea by Dan Berrange, based on an initial report by Reco <recoverym4n@gmail.com> at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394Signed-off-by: NEric Blake <eblake@redhat.com>
Showing
-
mentioned in commit e1e7e053
-
mentioned in commit bd9ec450
-
mentioned in commit 807db4a3
-
mentioned in commit 14d69bd0
-
mentioned in commit 21368274
-
mentioned in commit eb90e48b
-
mentioned in commit fef34333
-
mentioned in commit ba4065b6
-
mentioned in commit 8fca7a4f
-
mentioned in commit ad521843
想要评论请 注册 或 登录