Skip to content

Commit

Permalink
OpenInRoot: add CVE link to godoc
Browse files Browse the repository at this point in the history 
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
  • Loading branch information
@kolyshkin @cyphar
kolyshkin authored and cyphar committed Sep 30, 2024
1 parent 5b5a7a4 commit 09afcf2
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion open_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,9 @@ func OpenInRoot(root, unsafePath string) (*os.File, error) {
// maliciously-configured /proc mount. While this attack scenario is not
// common, in container runtimes it is possible for higher-level runtimes to be
// tricked into configuring an unsafe /proc that can be used to attack file
// operations. See CVE-2019-19921 for more details.
// operations. See [CVE-2019-19921] for more details.
//
// [CVE-2019-19921]: https://github.com/advisories/GHSA-fh74-hm69-rqjw
func Reopen(handle *os.File, flags int) (*os.File, error) {
procRoot, err := getProcRoot()
if err != nil {
Expand Down

0 comments on commit 09afcf2

Please sign in to comment.