#1118638 crun versions before 1.24 chown() /dev/null to the container user

Package: crun
Source: crun
Description: lightweight OCI runtime for running containers
Submitter: Hristo Venev
Date: 2025-11-06 12:17:54 UTC
Severity: normal
Tags:
#1118638#5
Date: 2025-10-23 10:04:27 UTC
From:
To:
Dear Maintainer,

Versions of crun before 1.24 unconditionally `chown()` the stdio files of the
container to the UID inside the container. If the container's stdin is set
to `/dev/null` (which is the default for `podman`), and the container is
started by root but runs as a non-root user, this results in the owner of the
host's `/dev/null` being changed.

The impact of changing the owner of `/dev/null` is that the container
user can then `chmod()` the file, denying other users access. This may
cause denial of service.

The issue was fixed in https://github.com/containers/crun/pull/1847,
which is part of release 1.24.
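
Added example, not part of the report and not crun's own code: a C sketch of the guard that the Debian changelog entry below summarizes as "Never chown devices", applied to an inherited stdio descriptor. The names `chown_stdio_fd`, `demo_dev_null`, `demo_pipe` and the result constants are hypothetical, and the two inputs are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

enum { STDIO_ERROR = -1, STDIO_CHOWNED = 0, STDIO_SKIPPED_DEVICE = 1 };

/* Hypothetical helper (not crun's API): hand an inherited stdio fd to the
 * container user unless it refers to a device node shared with the host. */
static int chown_stdio_fd(int fd, uid_t uid, gid_t gid)
{
    struct stat st;
    /* fstat() inspects the open file itself, so no path can be swapped. */
    if (fstat(fd, &st) < 0)
        return STDIO_ERROR;
    /* /dev/null and other device nodes belong to the host: leave them. */
    if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode))
        return STDIO_SKIPPED_DEVICE;
    if (st.st_uid == uid && st.st_gid == gid)
        return STDIO_CHOWNED; /* already owned by the target user */
    return fchown(fd, uid, gid) < 0 ? STDIO_ERROR : STDIO_CHOWNED;
}

/* Constructed input 1: stdin redirected from /dev/null, as podman does. */
static int demo_dev_null(uid_t uid, gid_t gid)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0)
        return STDIO_ERROR;
    int r = chown_stdio_fd(fd, uid, gid);
    close(fd);
    return r;
}

/* Constructed input 2: a pipe, which is not a device and may be re-owned. */
static int demo_pipe(uid_t uid, gid_t gid)
{
    int p[2];
    if (pipe(p) < 0)
        return STDIO_ERROR;
    int r = chown_stdio_fd(p[0], uid, gid);
    close(p[0]); close(p[1]);
    return r;
}

int main(void)
{
    return demo_dev_null(1000, 1000) == STDIO_SKIPPED_DEVICE ? 0 : 1;
}
```

On a host, `stat -c '%U:%G %a' /dev/null` normally prints `root:root 666`; a different owner after running containers as root with an affected crun matches the symptom described above.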

#1118638#10
Date: 2025-11-06 11:05:04 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
crun, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1118638@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated crun package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Wed, 05 Nov 2025 21:28:06 -0500
Source: crun
Architecture: source
Version: 1.21-2
Distribution: unstable
Urgency: medium
Maintainer: Faidon Liambotis <paravoid@debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Closes: 1118638
Changes:
 crun (1.21-2) unstable; urgency=medium
 .
   * Never chown devices, Closes: #1118638