The verification of the Stable Release Update for lxc has completed
successfully and the package is now being released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report.  In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.
-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2081762

Title:
  [SRU] lxc-excecute NULL pointer dereference causes segfault when
  sharing rootfs with host

Status in lxc:
  Fix Released
Status in lxc package in Ubuntu:
  Fix Released
Status in lxc source package in Noble:
  Fix Released
Status in lxc source package in Oracular:
  Fix Released
Status in lxc source package in Plucky:
  Fix Released
Status in lxc package in Debian:
  New

Bug description:
  [ Impact ]

  lxc-execute will crash with a segfault if the user tries to use the
  host rootfs as a shared rootfs.

  $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr
  Segmentation fault

  [ Test Plan ]

  install lxc

  $ cat > lxc.conf <<EOF
  lxc.uts.name=lxc-test-1
  lxc.net.0.type = empty
  lxc.console.path = none
  lxc.tty.max = 1
  lxc.pty.max = 128
  lxc.mount.auto = proc:rw sys cgroup
  lxc.autodev = 1
  EOF

  $ sudo lxc-execute -n lxc-test-1 -f lxc.conf -l TRACE -- ls /usr

  If the package is fixed, it will display output from 'ls'.

  [ Where problems could occur ]

  This is an upstream patch which is only checking if a pointer is not
  NULL before dereferencing it. There is no other change in the code
  apart from this pointer check. There is very minimum chance of any
  regression due to this change.

  [ Other Info ]

  It is now fixed in Plucky.
  Even though Debian has an updated 1:6.0.2-1, but the issue is still 
reproducible on Debian.

  [ Original Bug Description ]

  lsb_release -rd:
  Description:  Ubuntu 24.04.1 LTS
  Release:      24.04

  lxc-start --version: 5.0.3

  Issue: lxc-execute segfaults when using a shared host rootfs due to a
  NULL pointer deference.

  In lxc/src/lxc/conf.c - lines 339 - 344

  The call to lxc_storage_prepare detects no rootfs path and returns
  without calling storage_init

  In lxc/src/lxc/conf.c - lines 293 - 310

  leaving rootfs->storage null.

  Then dereferencing rootfs->storage->type causes a segfault.

  Steps to reproduce:
  1. use lxc.conf:
     lxc.uts.name=lxc-test-1
     lxc.net.0.type = empty
     lxc.console.path = none
     lxc.tty.max = 1
     lxc.pty.max = 128
     lxc.mount.auto = proc:rw sys cgroup
     lxc.autodev = 1

  2. Run:
     $ sudo lxc-execute -n lxc-test-1 -f lxc.conf  -l TRACE -- ls /dev
     Segmentation fault

  I've attached a patch as a possible fix.  Running the same example
  above with the patch applied runs without crashing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/lxc/+bug/2081762/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to