Re: [libvirt] CVE-2013-6456 Re: [PATCHv2 0/7] lxc: honor mount namespaces
Hi.
On Mon, 23 Dec 2013 23:00:43 -0700
Eric Blake <eblake(a)redhat.com> wrote:
On 12/23/2013 10:55 PM, Eric Blake wrote:
> We are still awaiting a CVE number to be assigned,
Wow, that was fast. I just learned that this is assigned CVE-2013-6456.
Exellent job with these patches. Was worth waiting for them, that's for
sure.
I've applied these patches to my testing environment, and, to my big
surprise, with these patches enabled, 'virsh -c lxc:// shutdown' forces
libvirtd to terminate itself and all its' children.
A relevant part of strace is (3933 is a parent, 4038 is a child from the
fork, syscall_308 is setns):
3933 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|
CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f90ed0aa9d0) = 4038
3933 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
3933 syscall_308(0x16, 0, 0, 0xf5c, 0xf5d, …) = -1 (errno 22)
3933 exit_group(125) = ?
4038 syscall_308(0x16, 0, 0, 0, 0, …) = -1 (errno 22)
4038 open("/dev/initctl", O_WRONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC) = -1
ENOENT (No such file or directory)
4038 exit_group(0) = ?
My best guess it that changed virFork forces libvirtd to misbehave, but
I could be wrong.
Sincerely yours, Reco.