lxc: add upstream security fix for CVE-2017-5985
author Peter Korsgaard <peter@korsgaard.com>
Fri, 10 Mar 2017 13:04:00 +0000 (14:04 +0100)
committer Peter Korsgaard <peter@korsgaard.com>
Fri, 10 Mar 2017 16:19:09 +0000 (17:19 +0100)
commit 7ed1bc6976625ca504ec5406f68fdb096ba424eb
tree 49cc53fa71456c87a44ccff4a4e5a817ae4050d3
parent 34d19a23ad8d46166a83da9cd84910ae1c5b2a43
lxc: add upstream security fix for CVE-2017-5985

Before this commit, lxc-user-nic could potentially have been tricked into
operating on a network namespace over which the caller did not hold
privilege.

This commit ensures that the caller is privileged over the network namespace
by temporarily dropping privilege.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/lxc/0001-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch [new file with mode: 0644]