Date: Tue, 12 Feb 2019 14:55:18 +0100
From: Florian Weimer <fweimer@...hat.com>
To: Aleksa Sarai <cyphar@...har.com>
Cc: oss-security@...ts.openwall.com, dev@...ncontainers.org, Christian Brauner <christian.brauner@...ntu.com>
Subject: Re: CVE-2019-5736: runc container breakout (all versions)

* Aleksa Sarai:

> + memfd = memfd_create(MEMFD_COMMENT, MFD_CLOEXEC|MFD_ALLOW_SEALING);
> + if (memfd < 0)
> + goto err_binfd;

Is it really necessary to use a memfd_create here? Do you really need sealing? It's a bit odd to add a new system call dependency in a security update.

The ability to fexecve a memfd descriptor is also rather odd. I wouldn't have expected execute permissions on memfd descriptors, so this sounds like a kernel bug (which now can't be fixed).

I saw some other patch with a O_TMPFILE replacement. Does this really work? It's possible to create a new name with linkat, so that's not a real win security-wise.

Could you just make a copy, under a different owner, and not care how it is going to be modified?

Thanks,
Florian
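Review bot: the quoted hunk makes a successful memfd_create (with MFD_ALLOW_SEALING) a hard requirement: on failure the code goes straight to err_binfd with no fallback, so on a kernel that lacks the system call (memfd_create was added in Linux 3.17) or the sealing flag (MFD_ALLOW_SEALING, also 3.17) runc would refuse to start any container at all, which is exactly the new-dependency cost raised in the reply above. If the memfd path is kept, consider falling back to the existing binary-copy path when memfd_create returns -1 with errno set to ENOSYS or EINVAL, and documenting the minimum kernel version the security update now assumes.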