kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #39612 from tiborvass/cve-2019-14271

Browse source 
Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc
This commit is contained in:
Akihiro Suda 2019-07-26 13:31:28 +09:00 committed by GitHub
commit 11e48badcb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
pkg/chrootarchive/archive.go
View file

@ -4,13 +4,22 @@ import (
"fmt" "fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"net"
"os" "os"
"os/user"
"path/filepath" "path/filepath"
"github.com/docker/docker/pkg/archive" "github.com/docker/docker/pkg/archive"
"github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/idtools"
) )
func init() {
// initialize nss libraries in Glibc so that the dynamic libraries are loaded in the host
// environment not in the chroot from untrusted files.
_, _ = user.Lookup("docker")
_, _ = net.LookupHost("localhost")
}
// NewArchiver returns a new Archiver which uses chrootarchive.Untar // NewArchiver returns a new Archiver which uses chrootarchive.Untar
func NewArchiver(idMapping *idtools.IdentityMapping) *archive.Archiver { func NewArchiver(idMapping *idtools.IdentityMapping) *archive.Archiver {
if idMapping == nil { if idMapping == nil {