bug#34446: Runc container escape patches CVE-2019-5736

From: Leo Famulari
Subject: bug#34446: Runc container escape patches CVE-2019-5736
Date: Tue, 12 Feb 2019 12:56:31 -0500
User-agent: Mutt/1.11.2 (2019-01-07)

On Tue, Feb 12, 2019 at 01:10:34AM +0100, Danny Milosavljevic wrote:
> as originally released by upstream, Docker looks up auxiliary commands in 
> using a Go function called "LookPath".
> Our package definition patches a lot of the specific LookPath calls to
> refer to inputs by absolute path.
> I've booby-trapped the remaining LookPath calls so we won't accidentally
> have an internal tool looked up in $PATH.
> If we have not forgotten any LookPath calls, there should have been no
> remaining LookPath calls and it would not have failed the build.

Thanks for explaining this :)

> > .gopath/src/
> >  undefined: exec.Guix_doesnt_want_LookPath
> > .gopath/src/
> >  invalid character U+005C '\'
> Please examine line 90.  It probably has a LookPath line with a new argument
> we haven't seen before.

Okay, they added a lookup for 'iptables-legacy' which is what Debian has
renamed iptables. I changed this to just look up 'iptables' since it's
equivalent on our end and in how the Docker code uses it and pushed as

Thanks again for your help!

Attachment: signature.asc
Description: PGP signature
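
An added example, not part of this thread or of the Guix package definition: the thread's approach makes leftover LookPath calls fail the build, while this sketch instead lists every `exec.LookPath` call in a Go source file with its line and argument, so a newly introduced lookup (such as the 'iptables-legacy' one mentioned above) is easy to spot. The sample source, `Finding` and `FindLookPath` are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// Constructed sample input (not Docker's source).
const sample = `package demo
import "os/exec"
func setup(tool string) {
	exec.LookPath("iptables")
	exec.LookPath(tool)
	exec.Command("/absolute/path/to/tool").Run()
}`

// Finding is one exec.LookPath call site.
type Finding struct {
	Line int
	Arg  string // argument as written: a quoted literal or an expression
}

// FindLookPath lists exec.LookPath calls; it matches on syntax, so it assumes os/exec keeps its default import name.
func FindLookPath(src string) ([]Finding, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []Finding
	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if ok && len(call.Args) == 1 && types.ExprString(call.Fun) == "exec.LookPath" {
			line := fset.Position(call.Pos()).Line
			out = append(out, Finding{line, types.ExprString(call.Args[0])})
		}
		return true
	})
	return out, nil
}

func main() {
	fmt.Println(FindLookPath(sample))
}
```

A call whose argument is not a quoted literal (here `tool`) needs manual review, since the command name it resolves in $PATH is only known at run time.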
