Package: crun
Version: 1.21-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Dear Maintainer,

Versions of crun before 1.24 unconditionally `chown()` the stdio files of the container to the UID inside the container. If the container's stdin is set to `/dev/null` (which is the default for `podman`), and the container is started by root but runs as a non-root user, this results in the owner of the host's `/dev/null` being changed.

The impact of changing the owner of `/dev/null` is that the container user can then `chmod()` the file, denying other users access. This may cause denial of service.

The issue was fixed in https://github.com/containers/crun/pull/1847, which is part of release 1.24.

-- System Information:
Debian Release: 13.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.39-1-insait (SMP w/56 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages crun depends on:
ii  libc6        2.41-12
ii  libcap2      1:2.75-10+b1
ii  libseccomp2  2.6.0-2
ii  libsystemd0   257.8-1~deb13u2
ii  libyajl2     2.1.0-5+b2

Versions of packages crun recommends:
pn  libcriu2  <none>

Versions of packages crun suggests:
pn  libwasmedge0  <none>

-- no debconf information
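A host-side check for the condition this report describes (the host's `/dev/null` no longer root-owned, or no longer world-writable after a follow-up `chmod()`), added here as an example; it is not code from crun or from the report, and it assumes GNU coreutils `stat` for the `-c` format flags.

```shell
#!/bin/sh
# Added example: detect whether the host's /dev/null has lost the ownership
# or mode it is expected to have. Assumes GNU stat (coreutils).

# Judge a (uid, octal mode, file type) triple as reported by stat.
# Returns 0 for a healthy /dev/null, 1 (with a reason on stderr) otherwise.
# Kept separate from the stat call so it can be exercised on constructed
# values without needing a misconfigured device node to test against.
devnull_state_ok() {
    uid="$1"; mode="$2"; ftype="$3"
    if [ "$ftype" != "character special file" ]; then
        echo "/dev/null is not a character device: $ftype" >&2; return 1
    fi
    if [ "$uid" != "0" ]; then
        echo "/dev/null owner uid is $uid, expected 0 (possibly chowned by a container runtime)" >&2
        return 1
    fi
    if [ "$mode" != "666" ]; then
        echo "/dev/null mode is $mode, expected 666 (possibly chmod'ed after an ownership change)" >&2
        return 1
    fi
    return 0
}

# Stat a real path (default /dev/null) and feed the result to the judge above.
check_devnull() {
    path="${1:-/dev/null}"
    info=$(stat -c '%u|%a|%F' "$path") || return 1
    IFS='|' read -r uid mode ftype <<EOF
$info
EOF
    devnull_state_ok "$uid" "$mode" "$ftype"
}

# Stand-alone use: exit non-zero when the host's /dev/null looks tampered with.
if [ "${1:-}" = "--run" ]; then
    check_devnull /dev/null && echo "/dev/null ok"
fi
```

Run it as `sh check_devnull.sh --run` from a periodic job on hosts that start root-owned containers running as non-root users; a non-zero exit is the signal to look for a runtime affected by this bug.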

