** Changed in: lxc (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2081762
Title:
[SRU] lxc-excecute NULL pointer dereference causes segfault when
sharing rootfs with host
Status in lxc:
Fix Released
Status in lxc package in Ubuntu:
Fix Released
Status in lxc source package in Noble:
Fix Released
Status in lxc source package in Oracular:
Fix Released
Status in lxc source package in Plucky:
Fix Released
Status in lxc package in Debian:
Fix Released
Bug description:
[ Impact ]
lxc-execute will crash with a segfault if the user tries to use the
host rootfs as a shared rootfs.
$ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr
Segmentation fault
[ Test Plan ]
install lxc
$ cat > lxc.conf <<EOF
lxc.uts.name=lxc-test-1
lxc.net.0.type = empty
lxc.console.path = none
lxc.tty.max = 1
lxc.pty.max = 128
lxc.mount.auto = proc:rw sys cgroup
lxc.autodev = 1
EOF
$ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr
If the package is fixed, it will display output from 'ls'.
[ Where problems could occur ]
This is an upstream patch which is only checking if a pointer is not
NULL before dereferencing it. There is no other change in the code
apart from this pointer check. There is very minimum chance of any
regression due to this change.
[ Other Info ]
It is now fixed in Plucky.
Even though Debian has an updated 1:6.0.2-1, but the issue is still
reproducible on Debian.
[ Original Bug Description ]
lsb_release -rd:
Description: Ubuntu 24.04.1 LTS
Release: 24.04
lxc-start --version: 5.0.3
Issue: lxc-execute segfaults when using a shared host rootfs due to a
NULL pointer deference.
In lxc/src/lxc/conf.c - lines 339 - 344
The call to lxc_storage_prepare detects no rootfs path and returns
without calling storage_init
In lxc/src/lxc/conf.c - lines 293 - 310
leaving rootfs->storage null.
Then dereferencing rootfs->storage->type causes a segfault.
Steps to reproduce:
1. use lxc.conf:
lxc.uts.name=lxc-test-1
lxc.net.0.type = empty
lxc.console.path = none
lxc.tty.max = 1
lxc.pty.max = 128
lxc.mount.auto = proc:rw sys cgroup
lxc.autodev = 1
2. Run:
$ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /dev
Segmentation fault
I've attached a patch as a possible fix. Running the same example
above with the patch applied runs without crashing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/lxc/+bug/2081762/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
