Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 23 Nov 2016 10:53:20 -0600
From: Tyler Hicks <>
Cc: Roman Fiedler <>,
 St├ęphane Graber <>,
 "Eric W. Biederman" <>
Subject: Security issue in LXC (CVE-2016-8649) with additional Linux kernel

Roman Fiedler from AIT discovered that a malicious root user in an LXC
container can ptrace the connecting lxc-attach process and then
manipulate it.


CVE-2016-8649 was assigned to the issue that allows an attacker inside
of an unprivileged container to use an inherited file descriptor, of the
host's /proc, to access the rest of the host's filesystem via the
openat() family of syscalls. The file descriptor is needed to write to
/proc/<PID>/attr/current or /proc/<PID>/attr/exec to set the
AppArmor/SELinux label of the attached process. The LXC upstream
developers have developed a patch to protect against this attack by only
passing a file descriptor of either the current or exec file itself.

There's also an additional attack where a malicious root user in an
unprivileged container can ptrace the connecting lxc-attach process and
bypass the AppArmor/SELinux confinement completely and/or prevent
lxc-attach from dropping privileges (privileges equal to the user that
initial ran lxc-attach). To fix that issue, a kernel patch is needed to
prevent such a ptrace operation. The LXC upstream developers report that
the following patch from Eric Biederman prevents this attack:

The kernel patch has not yet been merged and, as far as I know, is not
associated with any CVE. The Ubuntu Kernel team reports that it fixes
the disputed CVE-2015-8709, in addition to the issue described above,
but I do not believe that they are the same issue.

I'm not sure if a CVE should be assigned for this kernel issue. At
this point, I don't understand the full impact of that kernel change
well enough to put together a meaningful CVE request. Suggestions/ideas
are welcome.

The LXC fix for CVE-2016-8649 that withholds the /proc fd from the
connecting lxc-attach process mitigates the kernel issue in that it,
even though the malicious root user in the container can bypass MAC
confinement and/or prevent privilege dropping, there's no obvious way to
access or modify the host filesystem.


Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ