mirror of
https://github.com/opencontainers/runc.git
synced 2026-06-24 08:48:44 +00:00
These codepaths are very old and operate on pure paths but before pivot_root(2), meaning that a bad image with a malicious /dev symlink could cause us to operate on host paths instead.

In practice this means that we could be tricked into removing a file called "ptmx" (note that /dev/pts/ptmx and /dev/ptmx are both immune for different reasons) or creating a very restricted set of symlinks (with fixed targets and names). The scope of these bugs is thus quite limited, but we definitely need to harden against it.

These codepaths were unfortunately missed during the fd-based rework in commit d40b3439a9 ("rootfs: switch to fd-based handling of mountpoint targets") -- I must've assumed they were called after pivot_root(2)...

Fixes: GHSA-xjvp-4fhw-gc47
Fixes: CVE-2026-41579
Fixes: d40b3439a9 ("rootfs: switch to fd-based handling of mountpoint targets")
Signed-off-by: Aleksa Sarai <aleksa@amutable.com>
(cherry picked from commit 864db8042d)
Signed-off-by: Aleksa Sarai <aleksa@amutable.com>
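
The difference between a pure-path operation and fd-based handling, as an added example that is not runc's code and not part of the commit. The function names and the temporary directory layout are constructed for illustration, and the sketch assumes Linux, trusts the rootfs path itself, and covers only the "ptmx" removal case with a symlinked dev entry.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// removeByPath (hypothetical name) is the pure-path shape: if rootfs/dev is a
// symlink, the kernel follows it and the unlink lands outside the rootfs.
func removeByPath(rootfs string) error {
	return os.Remove(filepath.Join(rootfs, "dev", "ptmx"))
}

// removeByFd (hypothetical name) opens rootfs/dev with O_NOFOLLOW, so a
// symlink is rejected, then unlinks relative to that directory fd.
func removeByFd(rootfs string) error {
	flags := syscall.O_RDONLY | syscall.O_DIRECTORY | syscall.O_CLOEXEC
	rootFd, err := syscall.Open(rootfs, flags, 0)
	if err != nil {
		return err
	}
	defer syscall.Close(rootFd)
	devFd, err := syscall.Openat(rootFd, "dev", flags|syscall.O_NOFOLLOW, 0)
	if err != nil {
		return fmt.Errorf("refusing rootfs dev entry: %w", err)
	}
	defer syscall.Close(devFd)
	return syscall.Unlinkat(devFd, "ptmx")
}

// demo builds a constructed layout (tmp/ptmx stands in for a host file and
// tmp/rootfs/dev is a symlink to tmp) and reports whether tmp/ptmx survived.
func demo(remove func(string) error) (survived bool, rmErr error) {
	tmp, _ := os.MkdirTemp("", "ptmx-demo")
	defer os.RemoveAll(tmp)
	rootfs := filepath.Join(tmp, "rootfs")
	os.Mkdir(rootfs, 0o755)
	os.WriteFile(filepath.Join(tmp, "ptmx"), nil, 0o600)
	os.Symlink(tmp, filepath.Join(rootfs, "dev"))
	rmErr = remove(rootfs)
	_, statErr := os.Stat(filepath.Join(tmp, "ptmx"))
	return statErr == nil, rmErr
}

func main() {
	fmt.Println(demo(removeByPath)) // file outside the rootfs is removed
	fmt.Println(demo(removeByFd))   // symlinked dev is refused, file survives
}
```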