This notice is to advise the user groups identified below of a recently discovered /proc filesystem permission vulnerability. The issue was reported directly to Joyent Engineering by a security researcher.
This high-severity vulnerability exists in the core SmartOS platform. It allows non-root users to create objects in the /proc directory within the zone. The validations for filesystem permissions have been hardened to prevent such unauthorized actions.
The following user groups are affected:
- Joyent customers using on-premises Triton software
- All users of SmartOS, including Triton public cloud customers (the fix has already been applied across the entire public cloud)
- Users of Open Source Triton
Actions Taken by Joyent
Joyent has created a new Platform Image (PI) containing fixes that address these vulnerabilities. This PI has been applied across the Triton public cloud.
Actions You Need to Take
Triton Software and SmartOS Users:
You are advised to apply this fix by updating your current Platform Image (PI) to the next available release (20170105-20170105T023718Z or later) using the following command on the support channel:
sdcadm platform install --latest
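To confirm which hosts are at or past the fixed release, the following added example (not part of Joyent's notice or tooling) compares platform stamps against 20170105T023718Z. It assumes the stamp is collected per host from `uname -v`, which on SmartOS prints `joyent_<stamp>`; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag hosts whose platform image predates the fixed PI.
FIXED_STAMP="20170105T023718Z"  # from the advisory: 20170105-20170105T023718Z

# normalize_stamp (hypothetical helper): accept "joyent_<stamp>",
# "<branch>-<stamp>" or a bare "<stamp>"; print the bare stamp, fail if malformed.
normalize_stamp() {
    s=${1#joyent_}
    s=${s##*-}
    case "$s" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]T[0-9][0-9][0-9][0-9][0-9][0-9]Z)
            printf '%s\n' "$s" ;;
        *)  return 1 ;;
    esac
}

# pi_is_fixed: 0 = at or past the fixed PI, 1 = older, 2 = unparseable.
pi_is_fixed() {
    stamp=$(normalize_stamp "$1") || return 2
    # Fixed-width UTC stamps sort chronologically as plain strings.
    first=$(printf '%s\n%s\n' "$FIXED_STAMP" "$stamp" | LC_ALL=C sort | head -n 1)
    [ "$first" = "$FIXED_STAMP" ]
}

# report: read "host version" pairs on stdin, print one status line per host.
report() {
    while read -r host ver; do
        rc=0
        pi_is_fixed "$ver" || rc=$?
        case "$rc" in
            0) echo "$host OK $ver" ;;
            1) echo "$host NEEDS-UPDATE $ver" ;;
            *) echo "$host UNKNOWN $ver" ;;
        esac
    done
}

# Constructed inventory: hostnames and the non-advisory stamps are made up.
printf '%s\n' \
    'cn01 joyent_20161222T003450Z' \
    'cn02 20170105-20170105T023718Z' \
    'cn03 joyent_20170119T014016Z' \
    'cn04 unknown-build' | report
```

Hosts reported as UNKNOWN should be checked by hand rather than assumed patched.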
Triton Public Cloud Users:
All necessary fixes have been applied to the Triton Cloud (public cloud). No user action is required.
Open Source Triton Users:
- Upgrade to this Triton Platform Image (PI) release: 20170105-20170105T023718Z or later
- Direct any further questions to: The SmartOS Community Mailing Lists and IRC
If you are a Joyent customer and have any further questions or concerns after reading the information and instructions above, please contact Joyent Support.