Fixes a hypothetical security issue related to privilege escalation via rootwrap/privsep. A potential vulnerable service could previously allow writes to its rootwrap/privsep config and thus allow for more commands to be run with root privileges via rootwrap/privsep. For a successful attack, this would also require the service to allow to run arbitrary commands via rootwrap/privsep. Thus far, no such vulnerabilities have been reported and thus this fix is simply strengthening the container images against such an issue in the future.

Change-Id: I92c81c77e6a16570a108cde8031f7977930fb02a
Closes-Bug: #1874298
13 lines
646 B
YAML
```yaml
---
security:
  - |
    Fixes a hypothetical security issue related to privilege escalation via
    rootwrap/privsep. A potential vulnerable service could previously allow
    writes to its rootwrap/privsep config and thus allow for more commands
    to be run with root privileges via rootwrap/privsep. For a succesful
    attack, this would also require the service to allow to run arbitrary
    commands via rootwrap/privsep. Thus far, no such vulnerabilities have
    been reported and thus this fix is simply strengthening the container
    images against such an issue in the future.
    `LP#1874298 <https://launchpad.net/bugs/1874298>`__
```
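Review bot: The release note never says what the images now do differently, so an operator reading only this entry cannot tell what to verify after upgrading. It states that a service "could previously allow writes to its rootwrap/privsep config" but stops there; consider adding one sentence describing the new state of those config files in the images and whether images must be rebuilt to pick up the change. Also, "succesful" in the sentence beginning "For a succesful attack" should be "successful".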