TPS-2017-001 /proc Filesystem Permission Vulnerability
This notice is to advise the user groups identified below of a
/proc filesystem permission vulnerability. The issue was
reported directly to Joyent Engineering by a security researcher.
This high-severity vulnerability exists in the core SmartOS platform. The
exploit allows non-root users to create objects in the
/proc directory within
the zone. The validations for filesystem permissions have been hardened to
prevent such unauthorized actions.
The following user groups are affected
- Joyent customers using on-premises Triton software
- All users of SmartOS, including Triton public cloud customers (the fix has already been applied across the entire public cloud)
- Users of Open Source Triton
Actions Taken by Joyent
Joyent has created a new Platform Image (PI) containing fixes that address these vulnerabilities. This PI has been applied across the Triton public cloud.
Actions You Need to Take
Triton Software and SmartOS Users
You are advised to apply this fix by updating your current Platform Image (PI)
to the next available release (
20170105-20170105T023718Z or later) using the
following command on the support channel:
sdcadm platform install --latest
Triton Public Cloud Users
All necessary fixes have been applied to the Triton Cloud (public cloud). No user action is required.
Open Source Triton Users
- Upgrade to this Triton Platform Image (PI) release:
- Direct any further questions to: The SmartOS Community Mailing Lists and IRC
If you are a Joyent customer and have any further questions or concerns after reading the information and instructions above, please contact Joyent Support.