[lxc-devel] Predictable root passwords in LXC templates

Serge Hallyn serge.hallyn at ubuntu.com
Tue Jun 16 16:49:27 UTC 2015


Quoting Major Hayden (major at mhtx.net):
> Hello there,
> 
> I've been a user of LXC for quite some time but this is my first time digging into things a bit deeper.
> 
> I'm working with the Fedora Security Team to go through some security issues in various projects and I stumbled upon a bug[1] about predictable root passwords in LXC templates.  I opened an issue on Github[2] about it and Stéphane Graber was kind enough to redirect me to this list.
> 
> I'm certainly not here to complain -- I'd like to try to improve the templates a bit and see if some of the randomized root password functionality from the CentOS and Fedora templates could be implemented in the remaining templates.  There are other options as well, such as making the password empty and refusing logins with empty passwords (as suggested by Stéphane).
> 
> Would these contributions be welcomed by the LXC community or should I go in another direction?  Thanks in advance for your help.

Yes, they would be welcome.

There were some other proposals in the past, including iirc a
patch which took username/passwords from an optional configuration
file.

(Tried to find a link to the posting just now but failed)

> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1132004
> [2] https://github.com/lxc/lxc/issues/565#issuecomment-112094910
> 
> --
> Major Hayden
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel


More information about the lxc-devel mailing list