Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 23 Nov 2016 10:53:20 -0600
From: Tyler Hicks <>
Cc: Roman Fiedler <>,
 St├ęphane Graber <>,
 "Eric W. Biederman" <>
Subject: Security issue in LXC (CVE-2016-8649) with additional Linux kernel

Roman Fiedler from AIT discovered that a malicious root user in an LXC
container can ptrace the connecting lxc-attach process and then
manipulate it.


CVE-2016-8649 was assigned to the issue that allows an attacker inside
of an unprivileged container to use an inherited file descriptor, of the
host's /proc, to access the rest of the host's filesystem via the
openat() family of syscalls. The file descriptor is needed to write to
/proc/<PID>/attr/current or /proc/<PID>/attr/exec to set the
AppArmor/SELinux label of the attached process. The LXC upstream
developers have developed a patch to protect against this attack by only
passing a file descriptor of either the current or exec file itself.

There's also an additional attack where a malicious root user in an
unprivileged container can ptrace the connecting lxc-attach process and
bypass the AppArmor/SELinux confinement completely and/or prevent
lxc-attach from dropping privileges (privileges equal to the user that
initial ran lxc-attach). To fix that issue, a kernel patch is needed to
prevent such a ptrace operation. The LXC upstream developers report that
the following patch from Eric Biederman prevents this attack:

The kernel patch has not yet been merged and, as far as I know, is not
associated with any CVE. The Ubuntu Kernel team reports that it fixes
the disputed CVE-2015-8709, in addition to the issue described above,
but I do not believe that they are the same issue.

I'm not sure if a CVE should be assigned for this kernel issue. At
this point, I don't understand the full impact of that kernel change
well enough to put together a meaningful CVE request. Suggestions/ideas
are welcome.

The LXC fix for CVE-2016-8649 that withholds the /proc fd from the
connecting lxc-attach process mitigates the kernel issue in that it,
even though the malicious root user in the container can bypass MAC
confinement and/or prevent privilege dropping, there's no obvious way to
access or modify the host filesystem.


Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.