mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
d089b63937
This is useful for preventing CVE-2018-15664 where a malicious container process can take advantage of a race on symlink resolution/sanitization. Before this change chrootarchive would chroot to the destination directory which is attacker controlled. With this patch we always chroot to the container's root which is not attacker controlled. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
22 lines
673 B
Go
22 lines
673 B
Go
package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
|
|
|
|
import (
|
|
"io"
|
|
|
|
"github.com/docker/docker/pkg/archive"
|
|
"github.com/docker/docker/pkg/longpath"
|
|
)
|
|
|
|
// chroot is not supported by Windows
|
|
func chroot(path string) error {
|
|
return nil
|
|
}
|
|
|
|
func invokeUnpack(decompressedArchive io.ReadCloser,
|
|
dest string,
|
|
options *archive.TarOptions, root string) error {
|
|
// Windows is different to Linux here because Windows does not support
|
|
// chroot. Hence there is no point sandboxing a chrooted process to
|
|
// do the unpack. We call inline instead within the daemon process.
|
|
return archive.Unpack(decompressedArchive, longpath.AddPrefix(dest), options)
|
|
}
|