CVE-2019-5736
author    Shengjing Zhu <zhsj@debian.org>
          Sun, 10 Mar 2019 09:47:46 +0000 (17:47 +0800)
committer Shengjing Zhu <zhsj@debian.org>
          Sun, 10 Mar 2019 09:51:44 +0000 (09:51 +0000)
commit    0f1deffa196cf54c2f91f5470fda0294ec15b24f
tree      f73265ac2464368f6513e383095814e1390d4499
parent    296ba4a5d23a17288bc89185301574a28e9aba38
CVE-2019-5736

Backport upstream patches for CVE-2019-5736

Include commits:
2d4a37b427167907ef2402586a8e8e2931a22490 nsenter: cloned_binary: userspace copy fallback if sendfile fails
16612d74de5f84977e50a9c8ead7f0e9e13b8628 nsenter: cloned_binary: try to ro-bind /proc/self/exe before copying
af9da0a45082783f6005b252488943b5ee2e2138 nsenter: cloned_binary: use the runc statedir for O_TMPFILE
2429d59352b81f6b9cc79b5ed26780c5fe6ba4ec nsenter: cloned_binary: expand and add pre-3.11 fallbacks
5b775bf297c47a6bc50e36da89d1ec74a6fa01dc nsenter: cloned_binary: detect and handle short copies
bb7d8b1f41f7bf0399204d54009d6da57c3cc775 nsexec (CVE-2019-5736): avoid parsing environ
0a8e4117e7f715d5fbeef398405813ce8e88558b nsenter: clone /proc/self/exe to avoid exposing host binary to container

Debian-Bug: https://bugs.debian.org/922050

Gbp-Pq: Name CVE-2019-5736.patch
libcontainer/nsenter/cloned_binary.c [new file with mode: 0644]
libcontainer/nsenter/nsexec.c
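The cloned_binary approach that the backported commit subjects describe (copy /proc/self/exe, loop on short copies, fall back from sendfile to a userspace copy, seal the copy so a container process cannot modify the host runc binary), shown as an added C illustration that is not runc's own code: it uses only a sealed memfd, omits the O_TMPFILE/statedir and pre-3.11 fallbacks listed above, and the names clone_self_binary, copy_all and cloned_binary_is_sealed are assumed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/sendfile.h>
#include <sys/stat.h>
#include <unistd.h>
/* Seals added once the copy is done: the memfd can never again be written, resized or unsealed. */
#define CLONE_SEALS (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)
/* Copy exactly `size` bytes: loop on short sendfile() copies, fall back to read/write if unsupported. */
static int copy_all(int dstfd, int srcfd, off_t size) {
    off_t done = 0; char buf[65536];
    while (done < size) {                          /* fast path: in-kernel copy */
        ssize_t n = sendfile(dstfd, srcfd, NULL, (size_t)(size - done));
        if (n > 0) { done += n; continue; }
        if (n == 0) return -1;                     /* unexpected EOF: short copy */
        if (errno == EINTR) continue;
        if (errno == EINVAL || errno == ENOSYS) break;   /* use userspace copy */
        return -1;
    }
    while (done < size) {                          /* fallback: read/write loop */
        ssize_t r = read(srcfd, buf, sizeof buf);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        for (ssize_t off = 0, w; off < r; off += w) {
            w = write(dstfd, buf + off, (size_t)(r - off));
            if (w < 0 && errno == EINTR) { w = 0; continue; }
            if (w <= 0) return -1;
        }
        done += r;
    }
    return 0;
}
/* Clone /proc/self/exe into a sealed memfd and return its fd (or -1); the caller re-execs via /proc/self/fd/<fd>. */
int clone_self_binary(void) {
    struct stat st;
    int src = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
    int dst = memfd_create("runc_cloned_binary", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    int ok = src >= 0 && dst >= 0 && fstat(src, &st) == 0 &&
             copy_all(dst, src, st.st_size) == 0 && fcntl(dst, F_ADD_SEALS, CLONE_SEALS) == 0;
    if (src >= 0) close(src);
    if (!ok && dst >= 0) { close(dst); dst = -1; }
    return ok ? dst : -1;
}
/* True if fd carries every clone seal and rejects writes with EPERM (assumed check helper). */
int cloned_binary_is_sealed(int fd) {
    if (fd < 0 || (fcntl(fd, F_GET_SEALS) & CLONE_SEALS) != CLONE_SEALS) return 0;
    return write(fd, "x", 1) < 0 && errno == EPERM;
}
```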