-
CVE-2017-5985: Ensure target netns is caller-owned · c905f00aChristian Brauner authored
Before this commit, lxc-user-nic could potentially have been tricked into operating on a network namespace over which the caller did not hold privilege. This commit ensures that the caller is privileged over the network namespace by temporarily dropping privilege. Launchpad: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676Reported-by:
Jann Horn <jannh@google.com> Signed-off-by:
Christian Brauner <christian.brauner@ubuntu.com>
×