Revert "Merge pull request #10 from seemethere/apply_patches_1706"

This reverts commit fc48a25, reversing changes made to 519d2ac. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
docker-archive · Feb 13, 2019 · 07b2637 · 07b2637
1 parent 99ec935
commit 07b2637
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 249 deletions.
diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c
diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c
@@ -438,9 +438,6 @@ void join_namespaces(char *nslist)
 	free(namespaces);
 }
 
-/* Defined in cloned_binary.c. */
-int ensure_cloned_binary(void);
-
 void nsexec(void)
 {
 	int pipenum;
@@ -456,14 +453,6 @@ void nsexec(void)
 	if (pipenum == -1)
 		return;
 
-	/*
-	 * We need to re-exec if we are not in a cloned binary. This is necessary
-	 * to ensure that containers won't be able to access the host binary
-	 * through /proc/self/exe. See CVE-2019-5736.
-	 */
-	if (ensure_cloned_binary() < 0)
-		bail("could not ensure we are a cloned binary");
-
 	/* Parse all of the netlink configuration. */
 	nl_parse(pipenum, &config);