-
Committer:
Martin Pitt
-
Date:
2015-04-16 22:00:42 UTC
-
Revision ID:
martin.pitt@canonical.com-20150416220042-fxbbu2vmp1riffs6
* SECURITY UPDATE: Disable crash forwarding to containers. The previous fix in 2.17.1 was not sufficient against all attack scenarios. By binding to specially crafted sockes, a normal user program could forge arbitrary entries in /proc/net/unix. We cannot currently rely on a kernel-side solution for this; this feature will be re-enabled once it gets re-done to be secure. (LP: #1444518)