From 88593cee137328a93c978e26bad6b33ffabc9a7b Mon Sep 17 00:00:00 2001 From: Ronald Chan Date: Wed, 20 Nov 2013 22:25:36 +1300 Subject: [PATCH] Isolate: Close metafile to prevent box_inside writing false data to it See https://github.com/ronalchn/isolate-cheater for an exploit. --- isolate/isolate.c | 1 + 1 file changed, 1 insertion(+) diff --git a/isolate/isolate.c b/isolate/isolate.c index 687edbf..2164c90 100644 --- a/isolate/isolate.c +++ b/isolate/isolate.c @@ -1244,6 +1244,7 @@ box_inside(void *arg) char **args = arg; write_errors_to_fd = error_pipes[1]; close(error_pipes[0]); + meta_close(); cg_enter(); setup_root(); -- 2.39.5