Pass root to chroot to for chroot Tar/Untar (CVE-2018-15664) #39292
This is useful for preventing CVE-2018-15664 where a malicious container
Before this change chrootarchive would chroot to the destination
@@            Coverage Diff            @@
##             master   #39292   +/-   ##
=========================================
  Coverage          ?   36.99%
=========================================
  Files             ?      612
  Lines             ?    45553
  Branches          ?        0
=========================================
  Hits              ?    16852
  Misses            ?    26413
  Partials          ?     2288
And now I have added a new command for
referenced this pull request
May 30, 2019
2 times, most recently
May 31, 2019
Ok in my local testing this seems to be working well. Curious what others are seeing.
@cyphar I'll push an additional commit which consolidates the Untar stuff to require a root to chroot to.
Docker 18.06 reached EOL, so no, no backport to that version. It will be backported to versions that are still actively maintained (Docker 18.09 and the upcoming 19.03, as well as Docker Enterprise versions (17.06 EE, 18.03 EE, 18.09 EE))
Hi, @cpuguy83, thank you for providing this fix.