rpms/crun
7
0
Fork 0
Code Issues Pull Requests Releases Activity
01b4af2200
crun/SOURCES/0002-exec-cap-do-not-set-inheritable-capabilities.patch
CentOS Sources 893de38dd7 import crun-0.18-3.module+el8.6.0+14694+4f5132e0
2022-05-10 07:24:31 +00:00

32 lines
1.2 KiB
Diff
Raw Blame History

From 21cb5a8c7bcc90c42743ffd15cd11a55bf66993d Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Mon, 28 Feb 2022 11:06:50 +0100
Subject: [PATCH 2/2] exec: --cap do not set inheritable capabilities
Closes: CVE-2022-27650
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 1aeeed2e4fdeffb4875c0d0b439915894594c8c6)
---
src/exec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/exec.c b/src/exec.c
index bf6c05f..8c9862d 100644
--- a/src/exec.c
+++ b/src/exec.c
@@ -250,8 +250,8 @@ crun_command_exec (struct crun_global_arguments *global_args, int argc, char **a
capabilities->effective = exec_options.cap;
capabilities->effective_len = exec_options.cap_size;
- capabilities->inheritable = dup_array (exec_options.cap, exec_options.cap_size);
- capabilities->inheritable_len = exec_options.cap_size;
+ capabilities->inheritable = NULL;
+ capabilities->inheritable_len = 0;
capabilities->bounding = dup_array (exec_options.cap, exec_options.cap_size);
capabilities->bounding_len = exec_options.cap_size;
--
2.35.1
Reference in New Issue View Git Blame Copy Permalink