[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#34446] Runc container escape patches CVE-2019-5736

From: Danny Milosavljevic
Subject: [bug#34446] Runc container escape patches CVE-2019-5736
Date: Tue, 12 Feb 2019 01:10:34 +0100

Hi Leo,

as originally released by upstream, Docker looks up auxiliary commands in PATH,
using a Go function called "LookPath".

Our package definition patches a lot of the specific LookPath calls to
refer to inputs by absolute path.

I've booby-trapped the remaining LookPath calls so we won't accidentially
have an internal tool looked up in $PATH.

If we have not forgotten any LookPath calls, there should have been no remaining
LookPath calls and it would not have failed the build.

> .gopath/src/
>  undefined: exec.Guix_doesnt_want_LookPath
> .gopath/src/
>  invalid character U+005C '\'

Please examine line 90.  It probably has a LookPath line with a new argument we
haven't seen before.

That means we'd have to find out which Guix package has an executable named like
the argument and add a case to the existing LookPath substituter in order to
also substitute it.

Attachment: pgpgdIYli3wqr.pgp
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]