[bug#34446] Runc container escape patches CVE-2019-5736
From: Danny Milosavljevic
Subject: [bug#34446] Runc container escape patches CVE-2019-5736
Date: Tue, 12 Feb 2019 01:10:34 +0100
Hi Leo,
as originally released by upstream, Docker looks up auxiliary commands in PATH,
using a Go function called "LookPath".
Our package definition patches a lot of the specific LookPath calls to
refer to inputs by absolute path.
I've booby-trapped the remaining LookPath calls so we won't accidentally
have an internal tool looked up in $PATH.
If we have not forgotten any LookPath calls, there should have been no remaining
LookPath calls and it would not have failed the build.
> .gopath/src/github.com/docker/docker/vendor/github.com/docker/libnetwork/iptables/iptables.go:90:15:
> undefined: exec.Guix_doesnt_want_LookPath
> .gopath/src/github.com/docker/docker/vendor/github.com/docker/libnetwork/iptables/iptables.go:90:45:
> invalid character U+005C '\'
Please examine line 90. It probably has a LookPath line with a new argument we
haven't seen before.
That means we'd have to find out which Guix package has an executable named like
the argument and add a case to the existing LookPath substituter in order to
also substitute it.
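The audit described in the message above, listing LookPath calls that would still resolve a tool through $PATH along with their line and argument, can be done on the source before the build fails. This Go program is an added example, not part of the original message or of the Guix package definition; `RemainingLookPaths`, the sample source and the placeholder store path are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

// Constructed sample (not Docker or libnetwork code); the store path is a placeholder.
const sample = `package iptables
import "os/exec"
func probe(tool string) {
	exec.LookPath("/gnu/store/PLACEHOLDER-iptables/sbin/iptables")
	exec.LookPath("iptables")
	exec.LookPath(tool)
}`

// RemainingLookPaths lists "line: argument" for each x.LookPath(arg) call not pinned to an absolute literal.
func RemainingLookPaths(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	ast.Inspect(file, func(n ast.Node) bool {
		call, _ := n.(*ast.CallExpr)
		if call == nil || len(call.Args) != 1 {
			return true
		}
		if sel, _ := call.Fun.(*ast.SelectorExpr); sel == nil || sel.Sel.Name != "LookPath" {
			return true
		}
		lit, _ := call.Args[0].(*ast.BasicLit)
		if lit != nil && strings.HasPrefix(strings.Trim(lit.Value, "\"`"), "/") {
			return true // already pinned to an absolute path
		}
		line := fset.Position(call.Pos()).Line
		out = append(out, fmt.Sprintf("%d: %s", line, types.ExprString(call.Args[0])))
		return true
	})
	return out, nil
}

func main() { fmt.Println(RemainingLookPaths(sample)) }
```

A bare literal such as `"iptables"` names the executable to locate in a package; a non-literal argument such as `tool` has to be traced back to its callers by hand.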