Bug 1018892 - (CVE-2016-10124) VUL-0: CVE-2016-10124: lxc: escape to parent session via TIOCSTI ioctl in lxc-attach
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Cédric Bosdonnat
Security Team bot
Depends on: CVE-2016-2779
Reported: 2017-01-09 15:31 UTC by Andreas Stieger
Modified: 2017-07-28 14:51 UTC
Found By: Security Response Team
Comment 1 Swamp Workflow Management 2017-01-09 23:00:51 UTC
bugbot adjusting priority
Comment 2 Cédric Bosdonnat 2017-01-10 08:20:23 UTC
There is way too much difference between lxc master and our latest supported version (0.8.0) in SLES. This series can't be backported.
Comment 3 Marcus Meissner 2017-01-13 08:53:47 UTC
We have several TIOCSTI bugs ... bug 968674 is the one with some thoughts on how to address it.

But there is no good solution at this time in general.
Comment 4 Marcus Meissner 2017-01-13 08:56:02 UTC
The part
if (ioctl(slave, TIOCSCTTY, NULL) < 0)

would be the core of the fix... so there is an approach, just the patch is very large :/
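
The mitigation idea behind the `TIOCSCTTY` call quoted in comment 4, as an added example that is not part of this bug report or of the lxc patch: the child gets a new session and a freshly allocated pty as its controlling terminal, so terminal ioctls it issues act on that pty rather than on the caller's terminal. The helper name `child_on_private_pty` is hypothetical, and the pty setup is Linux-specific.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper (Linux only). Returns 1 if the child ends up with the
 * new pty slave as its controlling terminal, 0 if not, -1 on setup failure. */
int child_on_private_pty(void)
{
    char name[32];
    unsigned int n;
    int unlock = 0, status;
    /* Allocate a pty pair; O_NOCTTY keeps it from becoming our own ctty. */
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (master < 0)
        return -1;
    if (ioctl(master, TIOCSPTLCK, &unlock) < 0 || ioctl(master, TIOCGPTN, &n) < 0) {
        close(master);
        return -1;
    }
    snprintf(name, sizeof(name), "/dev/pts/%u", n);
    pid_t pid = fork();
    if (pid < 0) {
        close(master);
        return -1;
    }
    if (pid == 0) {
        close(master);
        /* New session: detaches from the terminal inherited from the caller. */
        if (setsid() < 0)
            _exit(2);
        int slave = open(name, O_RDWR | O_NOCTTY);
        /* The call quoted in comment 4: adopt the slave as controlling tty. */
        if (slave < 0 || ioctl(slave, TIOCSCTTY, NULL) < 0)
            _exit(2);
        /* The slave's session must now be the child's own, not the caller's. */
        _exit(tcgetsid(slave) == getpid() ? 0 : 1);
    }
    pid_t w = waitpid(pid, &status, 0);
    close(master);
    if (w < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 2)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void) { printf("isolated: %d\n", child_on_private_pty()); return 0; }
```

A real attach path would additionally relay data between the master side and the caller's terminal; that relay is omitted here.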
Comment 5 Cédric Bosdonnat 2017-03-24 08:38:56 UTC
Andreas, I'm not planning to backport such a giant thing to the super old lxc that we have on SLE 11. It would be rather risky and complex. Could this bug be closed?
Comment 6 Johannes Segitz 2017-03-29 13:03:30 UTC
(In reply to Cédric Bosdonnat from comment #5)
No, unfortunately not. It's supported, so we need to fix it. Maybe we can go the route that Marcus proposed and use a minimal patch?
Comment 7 Johannes Kastl 2017-04-10 06:10:47 UTC
I'll prepare packages for openSUSE in the meantime, but my last submit request is still open...
Comment 10 Johannes Segitz 2017-07-28 12:35:57 UTC
This scenario is not supported in SLE 11 (see release notes) and fixing it would be a major effort and a high risk of introducing regressions.