** Summary changed: - lxc-excecute NULL pointer dereference causes segfault when sharing rootfs with host + [SRU] lxc-excecute NULL pointer dereference causes segfault when sharing rootfs with host
** Description changed: + [ Impact ] + + lxc-execute will crash with a segfault if the user tries to use the host + rootfs as a shared rootfs. + + $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr + Segmentation fault + + [ Test Plan ] + + install lxc + + $ cat > lxc.conf <<EOF + lxc.uts.name=lxc-test-1 + lxc.net.0.type = empty + lxc.console.path = none + lxc.tty.max = 1 + lxc.pty.max = 128 + lxc.mount.auto = proc:rw sys cgroup + lxc.autodev = 1 + EOF + + sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr + + If the package is fixed, it will display output from 'ls'. + + [ Where problems could occur ] + + This is an upstream patch which is only checking if a pointer is not + NULL before dereferencing it. There is no other change in the code apart + from this pointer check. There is very miinimum chance of any regression + due to this change. + + [ Other Info ] + + It is now fixed in Plucky. + Eevn though Debian has an updated 1:6.0.2-1, but the issue is still reproducible on Debian. + + [ Original Bug Description ] + + + lsb_release -rd: Description: Ubuntu 24.04.1 LTS Release: 24.04 lxc-start --version: 5.0.3 Issue: lxc-execute segfaults when using a shared host rootfs due to a NULL pointer deference. In lxc/src/lxc/conf.c - lines 339 - 344 The call to lxc_storage_prepare detects no rootfs path and returns without calling storage_init In lxc/src/lxc/conf.c - lines 293 - 310 leaving rootfs->storage null. Then dereferencing rootfs->storage->type causes a segfault. - Steps to reproduce: 1. use lxc.conf: - lxc.uts.name=lxc-test-1 - lxc.net.0.type = empty - lxc.console.path = none - lxc.tty.max = 1 - lxc.pty.max = 128 - lxc.mount.auto = proc:rw sys cgroup - lxc.autodev = 1 + lxc.uts.name=lxc-test-1 + lxc.net.0.type = empty + lxc.console.path = none + lxc.tty.max = 1 + lxc.pty.max = 128 + lxc.mount.auto = proc:rw sys cgroup + lxc.autodev = 1 2. Run: - $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /dev - Segmentation fault - - I've attached a patch as a possible fix. Running the same example above with the patch applied runs without crashing. + $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /dev + Segmentation fault + + I've attached a patch as a possible fix. Running the same example above + with the patch applied runs without crashing. ** Description changed: [ Impact ] lxc-execute will crash with a segfault if the user tries to use the host rootfs as a shared rootfs. $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr Segmentation fault [ Test Plan ] install lxc $ cat > lxc.conf <<EOF lxc.uts.name=lxc-test-1 lxc.net.0.type = empty lxc.console.path = none lxc.tty.max = 1 lxc.pty.max = 128 lxc.mount.auto = proc:rw sys cgroup lxc.autodev = 1 EOF - sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr + $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr If the package is fixed, it will display output from 'ls'. [ Where problems could occur ] This is an upstream patch which is only checking if a pointer is not NULL before dereferencing it. There is no other change in the code apart - from this pointer check. There is very miinimum chance of any regression + from this pointer check. There is very minimum chance of any regression due to this change. [ Other Info ] It is now fixed in Plucky. - Eevn though Debian has an updated 1:6.0.2-1, but the issue is still reproducible on Debian. + Even though Debian has an updated 1:6.0.2-1, but the issue is still reproducible on Debian. [ Original Bug Description ] - - lsb_release -rd: Description: Ubuntu 24.04.1 LTS Release: 24.04 lxc-start --version: 5.0.3 Issue: lxc-execute segfaults when using a shared host rootfs due to a NULL pointer deference. In lxc/src/lxc/conf.c - lines 339 - 344 The call to lxc_storage_prepare detects no rootfs path and returns without calling storage_init In lxc/src/lxc/conf.c - lines 293 - 310 leaving rootfs->storage null. Then dereferencing rootfs->storage->type causes a segfault. Steps to reproduce: 1. use lxc.conf: lxc.uts.name=lxc-test-1 lxc.net.0.type = empty lxc.console.path = none lxc.tty.max = 1 lxc.pty.max = 128 lxc.mount.auto = proc:rw sys cgroup lxc.autodev = 1 2. Run: $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /dev Segmentation fault I've attached a patch as a possible fix. Running the same example above with the patch applied runs without crashing. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/2081762 Title: [SRU] lxc-excecute NULL pointer dereference causes segfault when sharing rootfs with host Status in lxc: Fix Released Status in lxc package in Ubuntu: In Progress Status in lxc source package in Noble: In Progress Status in lxc source package in Oracular: In Progress Status in lxc source package in Plucky: In Progress Status in lxc package in Debian: New Bug description: [ Impact ] lxc-execute will crash with a segfault if the user tries to use the host rootfs as a shared rootfs. $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr Segmentation fault [ Test Plan ] install lxc $ cat > lxc.conf <<EOF lxc.uts.name=lxc-test-1 lxc.net.0.type = empty lxc.console.path = none lxc.tty.max = 1 lxc.pty.max = 128 lxc.mount.auto = proc:rw sys cgroup lxc.autodev = 1 EOF $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr If the package is fixed, it will display output from 'ls'. [ Where problems could occur ] This is an upstream patch which is only checking if a pointer is not NULL before dereferencing it. There is no other change in the code apart from this pointer check. There is very minimum chance of any regression due to this change. [ Other Info ] It is now fixed in Plucky. Even though Debian has an updated 1:6.0.2-1, but the issue is still reproducible on Debian. [ Original Bug Description ] lsb_release -rd: Description: Ubuntu 24.04.1 LTS Release: 24.04 lxc-start --version: 5.0.3 Issue: lxc-execute segfaults when using a shared host rootfs due to a NULL pointer deference. In lxc/src/lxc/conf.c - lines 339 - 344 The call to lxc_storage_prepare detects no rootfs path and returns without calling storage_init In lxc/src/lxc/conf.c - lines 293 - 310 leaving rootfs->storage null. Then dereferencing rootfs->storage->type causes a segfault. Steps to reproduce: 1. use lxc.conf: lxc.uts.name=lxc-test-1 lxc.net.0.type = empty lxc.console.path = none lxc.tty.max = 1 lxc.pty.max = 128 lxc.mount.auto = proc:rw sys cgroup lxc.autodev = 1 2. Run: $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /dev Segmentation fault I've attached a patch as a possible fix. Running the same example above with the patch applied runs without crashing. To manage notifications about this bug go to: https://bugs.launchpad.net/lxc/+bug/2081762/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
