[Lxc-users] inexplicable effect when starting vnc4server (security hole?)
sfrazt
sfrazt at googlemail.com
Wed Sep 7 08:06:35 UTC 2011
hi,
i run lxc under debian sid with lxc version 0.7.5.1.
I run a debian-like system in an lxc container and vnc4server inside. Therefore i
have created a user.
The effect is this: if i start vnc4server manually as the user with
vnc4server :1 -geometry 800x600
ps -aux shows as the running command
Xvnc4 :1 -desktop b:1 (lxcuser) -auth /home/lxcuser/.Xauthority -geometry...
I get the same when i type as root
su - lxcuser -c "vnc4server :1 -geometry 800x600"
But, when i put the line
su - lxcuser -c "vnc4server :1 -geometry 800x600 2>/dev/null"
into my container rc.local (so it is autoexecuted at boot)
ps -aux shows
Xvnc4 :1 -desktop b:1 (lxcuser) -auth /var/run/gdm3/auth-for-HOSTUSER-6czu0s/database -geometry...
The problem is that HOSTUSER (my user account on the host system)
and gdm3 and that file should not exist (and do not exist)
in the container. In the whole container there is no text where
this filename appears.
My question is now: where does this filename come from? Is it
a security hole?
greetz
sfrazt
attach1:
container.config
lxc.utsname = b
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
# lxc.network.hwaddr = 4a:49:44:49:79:a0
# use 0.0.0.0 below for DHCP
lxc.network.ipv4 = 192.168.2.22/24
lxc.mount = /etc/lxc/b.fstab
lxc.rootfs = /srv/lxc/b
lxc.tty = 4
lxc.pts = 1024
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
attach2:
container.fstab
none /srv/lxc/b/dev/pts devpts defaults 0 0
none /srv/lxc/b/proc proc nodev,noexec,nosuid,ro 0 0
none /srv/lxc/b/sys sysfs defaults,ro,noexec 0 0
#none /srv/lxc/b/dev/shm tmpfs defaults 0 0
none /srv/lxc/b/tmp tmpfs defaults,size=64M 0 0
attach3:
mount output inside the container:
rootfs on / type rootfs (rw)
/dev/disk/by-uuid/70dc1a32-3942-4c1e-b91c-c881ce75a675 on / type ext4 (rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered)
none on /proc type proc (ro,nosuid,nodev,noexec,relatime)
none on /sys type sysfs (ro,noexec,relatime)
none on /tmp type tmpfs (rw,relatime,size=65536k)
devpts on /dev/console type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty1 type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty2 type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty3 type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty4 type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666)
devpts on /dev/ptmx type devpts (rw,relatime,mode=600,ptmxmode=666)
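A diagnostic a reader can run inside the container to narrow down where a host-only path in a container process's argv is coming from, added here as an example and not part of the original message or of lxc. It assumes the container has /proc mounted (as the attached mount output shows) and works on the assumption, not a finding of the post, that such a path arrives through an environment variable (XAUTHORITY, DISPLAY and similar) that the container's init inherited and passed on to rc.local; the variable names and the helper names are the example's own.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). Assumption: a host-only
# path in a container process's argv most likely came from an environment
# variable that the container's init inherited from lxc-start and passed on
# to rc.local and from there to vnc4server.

# Filter NAME=value lines down to the ones that belong to a desktop session.
# Kept separate so it can be exercised on constructed input.
session_vars_from_lines() {
    grep -E '^(XAUTHORITY|DISPLAY|XDG_[A-Z_]+|DBUS_SESSION_BUS_ADDRESS|GDMSESSION|SESSION_MANAGER)=' || true
}

# Session-looking variables of a live process, read from /proc/<pid>/environ
# (NUL separated, so convert to one line per variable first).
session_vars_of() {
    tr '\0' '\n' 2>/dev/null < "/proc/$1/environ" | session_vars_from_lines
}

# How many session-looking variables a NAME=value list contains; 0 means
# the environment is clean of host desktop state.
count_session_vars() {
    printf '%s\n' "$1" | session_vars_from_lines | grep -c . || true
}

# A path referenced by a container process but absent from the container's
# filesystem points at something that leaked in from outside.
path_exists_here() {
    [ -e "$1" ]
}

# PID 1 is what rc.local inherits from; Xvnc4 is what ended up holding the
# suspicious -auth path in the post.
init_env_check() { session_vars_of 1; }
xvnc_env_check() {
    for p in $(pidof Xvnc4 2>/dev/null); do
        echo "== pid $p"; session_vars_of "$p"
    done
}

if [ "${1:-}" = "run" ]; then
    echo "# session-related variables seen by PID 1:"; init_env_check
    echo "# session-related variables seen by Xvnc4:"; xvnc_env_check
fi
```

Run it as `sh check-env.sh run` inside the container; any XAUTHORITY or DISPLAY in PID 1's environment means the boot-time environment was not a clean one, which is the first thing to compare against the interactive `su - lxcuser` case that behaved correctly.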