Bug#905586: lxc: diff for NMU version 1:2.0.9-6.1
Hi Antonio, On Fri, Aug 31, 2018 at 04:07:56PM -0300, Antonio Terceiro wrote: > On Fri, Aug 31, 2018 at 02:42:15PM +0200, Salvatore Bonaccorso wrote: > > Hi Antonio, > > > > On Fri, Aug 31, 2018 at 08:14:57AM -0300, Antonio Terceiro wrote: > > > On Thu, Aug 30, 2018 at 10:06:15PM +0200, Salvatore Bonaccorso wrote: > > > > Control: tags 905586 + pending > > > > > > > > > > > > Dear maintainer, > > > > > > > > I've prepared an NMU for lxc (versioned as 1:2.0.9-6.1) and > > > > uploaded it to DELAYED/5. > > > > > > Thanks! > > > > > > > Please feel free to tell me if I should delay it longer. > > > > > > on the contrary: please feel free to make it an immediate upload. I will > > > import your diff in the git repository > > > > Thank you, I just have rescheduled it. > > > > if you prefer to have the single commits they are attached to this > > mail. I realize you probably would have prefered a proper merge > > request, but I did not start working from the salsa repo but from a > > gbp import-dsc git repo. > > I had already applied the original diff that you posted before I > replied. Perfect, thanks a lot! Regards, Salvatore
Bug#905586: lxc: diff for NMU version 1:2.0.9-6.1
On Fri, Aug 31, 2018 at 02:42:15PM +0200, Salvatore Bonaccorso wrote: > Hi Antonio, > > On Fri, Aug 31, 2018 at 08:14:57AM -0300, Antonio Terceiro wrote: > > On Thu, Aug 30, 2018 at 10:06:15PM +0200, Salvatore Bonaccorso wrote: > > > Control: tags 905586 + pending > > > > > > > > > Dear maintainer, > > > > > > I've prepared an NMU for lxc (versioned as 1:2.0.9-6.1) and > > > uploaded it to DELAYED/5. > > > > Thanks! > > > > > Please feel free to tell me if I should delay it longer. > > > > on the contrary: please feel free to make it an immediate upload. I will > > import your diff in the git repository > > Thank you, I just have rescheduled it. > > if you prefer to have the single commits they are attached to this > mail. I realize you probably would have prefered a proper merge > request, but I did not start working from the salsa repo but from a > gbp import-dsc git repo. I had already applied the original diff that you posted before I replied. signature.asc Description: PGP signature
Bug#905586: lxc: diff for NMU version 1:2.0.9-6.1
Hi Antonio, On Fri, Aug 31, 2018 at 08:14:57AM -0300, Antonio Terceiro wrote: > On Thu, Aug 30, 2018 at 10:06:15PM +0200, Salvatore Bonaccorso wrote: > > Control: tags 905586 + pending > > > > > > Dear maintainer, > > > > I've prepared an NMU for lxc (versioned as 1:2.0.9-6.1) and > > uploaded it to DELAYED/5. > > Thanks! > > > Please feel free to tell me if I should delay it longer. > > on the contrary: please feel free to make it an immediate upload. I will > import your diff in the git repository Thank you, I just have rescheduled it. if you prefer to have the single commits they are attached to this mail. I realize you probably would have prefered a proper merge request, but I did not start working from the salsa repo but from a gbp import-dsc git repo. Regards, Salvatore >From d37ad7ef0f5d30b9dc94252726d338f1b44e746e Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 29 Aug 2018 15:19:27 +0200 Subject: [PATCH 1/3] utils: add LXC_PROC_PID_FD_LEN --- debian/changelog | 6 ...s-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch | 35 +++ debian/patches/series | 1 + 3 files changed, 42 insertions(+) create mode 100644 debian/patches/0005-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch diff --git a/debian/changelog b/debian/changelog index e3a1393eabe6..ece65f3f2990 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +lxc (1:2.0.9-7) UNRELEASED; urgency=medium + + * utils: add LXC_PROC_PID_FD_LEN + + -- Salvatore Bonaccorso Wed, 29 Aug 2018 15:19:41 +0200 + lxc (1:2.0.9-6) unstable; urgency=medium * 0004-debian-Use-iproute2-instead-of-iproute.patch: fix creation of diff --git a/debian/patches/0005-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch b/debian/patches/0005-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch new file mode 100644 index ..300264419c2e --- /dev/null +++ b/debian/patches/0005-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch @@ -0,0 +1,35 @@ +From f96f5f3c1341e73ee51c8b49bef4ba571c562d8c Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Fri, 4 May 2018 11:59:11 +0200 +Subject: [PATCH] utils: add LXC_PROC_PID_FD_LEN + +Signed-off-by: Christian Brauner +--- + src/lxc/utils.h | 11 +++ + 1 file changed, 11 insertions(+) + +diff --git a/src/lxc/utils.h b/src/lxc/utils.h +index a2bad89db..e4d8519db 100644 +--- a/src/lxc/utils.h b/src/lxc/utils.h +@@ -99,6 +99,17 @@ + #define LXC_NUMSTRLEN64 21 + #define LXC_LINELEN 4096 + #define LXC_IDMAPLEN 4096 ++/* /proc/ =6 ++ *+ ++ * = LXC_NUMSTRLEN64 ++ *+ ++ * /fd/ =4 ++ *+ ++ * = LXC_NUMSTRLEN64 ++ *+ ++ * \0 =1 ++ */ ++#define LXC_PROC_PID_FD_LEN (6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1) + + /* returns 1 on success, 0 if there were any failures */ + extern int lxc_rmdir_onedev(char *path, const char *exclude); +-- +2.17.1 + diff --git a/debian/patches/series b/debian/patches/series index 43c8fba2388b..5ebb5b167444 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,4 @@ 0002-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch 0003-lxc-debian-don-t-hardcode-valid-releases.patch 0004-debian-Use-iproute2-instead-of-iproute.patch +0005-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch -- 2.18.0 >From 23be076be26591f506acc929586ce7fa37569400 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 29 Aug 2018 15:20:25 +0200 Subject: [PATCH 2/3] CVE 2018-6556: verify netns fd in lxc-user-nic Closes: #905586 --- debian/changelog | 1 + ...-lxc-user-nic-verify-file-descriptor.patch | 101 ++ debian/patches/series | 1 + 3 files changed, 103 insertions(+) create mode 100644 debian/patches/0006-stable-2.0-lxc-user-nic-verify-file-descriptor.patch diff --git a/debian/changelog b/debian/changelog index ece65f3f2990..438982ff7e8d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ lxc (1:2.0.9-7) UNRELEASED; urgency=medium * utils: add LXC_PROC_PID_FD_LEN + * CVE 2018-6556: verify netns fd in lxc-user-nic (Closes: #905586) -- Salvatore Bonaccorso Wed, 29 Aug 2018 15:19:41 +0200 diff --git a/debian/patches/0006-stable-2.0-lxc-user-nic-verify-file-descriptor.patch b/debian/patches/0006-stable-2.0-lxc-user-nic-verify-file-descriptor.patch new file mode 100644 index ..c877483af596 --- /dev/null +++ b/debian/patches/0006-stable-2.0-lxc-user-nic-verify-file-descriptor.patch @@ -0,0 +1,101 @@ +From d183654ec1a2cd1149bdb92601ccb7246bddb14e Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Wed, 25 Jul 2018 19:56:54 +0200 +Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic + +Signed-off-by: Christian Brauner +--- + src/lxc/lxc_user_nic.c | 35 --- + src/lxc/utils.c| 12 + src/lxc/utils.h
Bug#905586: lxc: diff for NMU version 1:2.0.9-6.1
On Thu, Aug 30, 2018 at 10:06:15PM +0200, Salvatore Bonaccorso wrote: > Control: tags 905586 + pending > > > Dear maintainer, > > I've prepared an NMU for lxc (versioned as 1:2.0.9-6.1) and > uploaded it to DELAYED/5. Thanks! > Please feel free to tell me if I should delay it longer. on the contrary: please feel free to make it an immediate upload. I will import your diff in the git repository signature.asc Description: PGP signature
Bug#905586: lxc: diff for NMU version 1:2.0.9-6.1
Control: tags 905586 + pending Dear maintainer, I've prepared an NMU for lxc (versioned as 1:2.0.9-6.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Note that the two patches while adressing the issue, still would allow test for existence of files, but this was afaics not adressed explicitly. Regards, Salvatore diff -Nru lxc-2.0.9/debian/changelog lxc-2.0.9/debian/changelog --- lxc-2.0.9/debian/changelog 2018-01-27 15:44:36.0 +0100 +++ lxc-2.0.9/debian/changelog 2018-08-29 15:22:46.0 +0200 @@ -1,3 +1,11 @@ +lxc (1:2.0.9-6.1) unstable; urgency=medium + + * Non-maintainer upload. + * utils: add LXC_PROC_PID_FD_LEN + * CVE 2018-6556: verify netns fd in lxc-user-nic (Closes: #905586) + + -- Salvatore Bonaccorso Wed, 29 Aug 2018 15:22:46 +0200 + lxc (1:2.0.9-6) unstable; urgency=medium * 0004-debian-Use-iproute2-instead-of-iproute.patch: fix creation of diff -Nru lxc-2.0.9/debian/patches/0005-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch lxc-2.0.9/debian/patches/0005-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch --- lxc-2.0.9/debian/patches/0005-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch 1970-01-01 01:00:00.0 +0100 +++ lxc-2.0.9/debian/patches/0005-utils-add-LXC_PROC_PID_FD_LEN_stable-2.0.patch 2018-08-29 15:22:46.0 +0200 @@ -0,0 +1,35 @@ +From f96f5f3c1341e73ee51c8b49bef4ba571c562d8c Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Fri, 4 May 2018 11:59:11 +0200 +Subject: [PATCH] utils: add LXC_PROC_PID_FD_LEN + +Signed-off-by: Christian Brauner +--- + src/lxc/utils.h | 11 +++ + 1 file changed, 11 insertions(+) + +diff --git a/src/lxc/utils.h b/src/lxc/utils.h +index a2bad89db..e4d8519db 100644 +--- a/src/lxc/utils.h b/src/lxc/utils.h +@@ -99,6 +99,17 @@ + #define LXC_NUMSTRLEN64 21 + #define LXC_LINELEN 4096 + #define LXC_IDMAPLEN 4096 ++/* /proc/ =6 ++ *+ ++ * = LXC_NUMSTRLEN64 ++ *+ ++ * /fd/ =4 ++ *+ ++ * = LXC_NUMSTRLEN64 ++ *+ ++ * \0 =1 ++ */ ++#define LXC_PROC_PID_FD_LEN (6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1) + + /* returns 1 on success, 0 if there were any failures */ + extern int lxc_rmdir_onedev(char *path, const char *exclude); +-- +2.17.1 + diff -Nru lxc-2.0.9/debian/patches/0006-stable-2.0-lxc-user-nic-verify-file-descriptor.patch lxc-2.0.9/debian/patches/0006-stable-2.0-lxc-user-nic-verify-file-descriptor.patch --- lxc-2.0.9/debian/patches/0006-stable-2.0-lxc-user-nic-verify-file-descriptor.patch 1970-01-01 01:00:00.0 +0100 +++ lxc-2.0.9/debian/patches/0006-stable-2.0-lxc-user-nic-verify-file-descriptor.patch 2018-08-29 15:22:46.0 +0200 @@ -0,0 +1,101 @@ +From d183654ec1a2cd1149bdb92601ccb7246bddb14e Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Wed, 25 Jul 2018 19:56:54 +0200 +Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic + +Signed-off-by: Christian Brauner +--- + src/lxc/lxc_user_nic.c | 35 --- + src/lxc/utils.c| 12 + src/lxc/utils.h| 5 + + 3 files changed, 49 insertions(+), 3 deletions(-) + +--- a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c +@@ -1124,12 +1124,41 @@ int main(int argc, char *argv[]) + exit(EXIT_FAILURE); + } + } else if (request == LXC_USERNIC_DELETE) { +- netns_fd = open(args.pid, O_RDONLY); ++ char opath[LXC_PROC_PID_FD_LEN]; ++ ++ /* Open the path with O_PATH which will not trigger an actual ++ * open(). Don't report an errno to the caller to not leak ++ * information whether the path exists or not. ++ * When stracing setuid is stripped so this is not a concern ++ * either. ++ */ ++ netns_fd = open(args.pid, O_PATH | O_CLOEXEC); + if (netns_fd < 0) { +- usernic_error("Could not open \"%s\": %s\n", args.pid, +- strerror(errno)); ++ usernic_error("Failed to open \"%s\"\n", args.pid); ++ exit(EXIT_FAILURE); ++ } ++ ++ if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) { ++ usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid); ++ close(netns_fd); ++ exit(EXIT_FAILURE); ++ } ++ ++ ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd); ++ if (ret < 0 || (size_t)ret >= sizeof(opath)) { ++ close(netns_fd); ++ exit(EXIT_FAILURE); ++ } ++ ++ /* Now get an fd that we can use in setns() calls. */ ++ ret = open(opath, O_RDONLY | O_CLOEXEC); ++ if (ret < 0) { ++ usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno)); ++ close(netns_fd); + exit(EXIT_FAILURE); + } ++ close(netns_fd); ++ netns_fd = ret; + } + + if (!create_db_dir(LXC_USERNIC_DB)) { +--- a/src/lxc/utils.c b/src/lxc/utils.c +@@ -2377,6 +2377,18 @@ bool has_fs_type(const char *path, fs_ty + return has_type; + } + ++bool fhas_fs_type(int fd, fs_type_magic magic_val) ++{ ++ int ret; ++ struct statfs sb; ++ ++ ret = fstatfs(fd, ); ++ if (ret < 0) ++