[Lxc-users] inexplicable effect when starting vnc4server (security hole?)

sfrazt sfrazt at googlemail.com
Wed Sep 7 08:06:35 UTC 2011


hi,

I run lxc under Debian sid with lxc version 0.7.5.1.
I run a Debian-like system in an lxc container, with vnc4server inside it.
For that I
have created a user.

The effect is this: if I start vnc4server manually as the user with
                                                             
    vnc4server :1 -geometry 800x600                          

ps -aux shows the running command as
                                
    Xvnc4 :1 -desktop b:1 (lxcuser) -auth /home/lxcuser/.Xauthority
-geometry...

I get the same when I type as root
    su - lxcuser -c "vnc4server :1 -geometry 800x600"

But, when i put the line
    su - lxcuser -c "vnc4server :1 -geometry 800x600 2>/dev/null"
into my container's rc.local (so it is executed automatically at boot)
ps -aux shows
             
    Xvnc4 :1 -desktop b:1 (lxcuser) -auth
/var/run/gdm3/auth-for-HOSTUSER-6czu0s/database -geometry...

The problem is that HOSTUSER (my user account on the host system),
gdm3 and that file should not exist (and do not exist)
in the container. In the whole container there is no text where
this filename appears.

My question is now: where does this filename come from? Is it
a security hole?

greetz
sfrazt

attach1:
container.config

lxc.utsname = b
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
# lxc.network.hwaddr = 4a:49:44:49:79:a0
# use 0.0.0.0 below for DHCP
lxc.network.ipv4 = 192.168.2.22/24
lxc.mount = /etc/lxc/b.fstab
lxc.rootfs = /srv/lxc/b
lxc.tty = 4
lxc.pts = 1024
# default-deny for every device node; the allow lines below form the whitelist
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles (/dev/console 5:1, /dev/tty 5:0, /dev/tty0 4:0, /dev/tty1 4:1)
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
# all Unix98 pty slaves (/dev/pts/*, major 136) and /dev/ptmx (5:2)
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm


attach2:
container.fstab

# pseudo-terminals for the container
none  /srv/lxc/b/dev/pts devpts defaults 0 0
# /proc is read-only with nodev,noexec,nosuid; /sys is read-only with noexec only
none  /srv/lxc/b/proc  proc    nodev,noexec,nosuid,ro 0 0
none /srv/lxc/b/sys   sysfs defaults,ro,noexec  0 0
#none /srv/lxc/b/dev/shm tmpfs  defaults 0 0
# private 64M tmpfs for /tmp, mounted with "defaults" (no nosuid/noexec/nodev, unlike /proc above)
none /srv/lxc/b/tmp tmpfs  defaults,size=64M 0 0

attach3:

mount output inside the container:

rootfs on / type rootfs (rw)
/dev/disk/by-uuid/70dc1a32-3942-4c1e-b91c-c881ce75a675 on / type ext4
(rw,relatime,errors=remount-ro,user_xattr,barrier=1,data=ordered)
none on /proc type proc (ro,nosuid,nodev,noexec,relatime)
none on /sys type sysfs (ro,noexec,relatime)
none on /tmp type tmpfs (rw,relatime,size=65536k)
devpts on /dev/console type devpts
(rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty1 type devpts
(rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty2 type devpts
(rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty3 type devpts
(rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
devpts on /dev/tty4 type devpts
(rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
devpts on /dev/pts type devpts (rw,relatime,mode=600,ptmxmode=666)
devpts on /dev/ptmx type devpts (rw,relatime,mode=600,ptmxmode=666)




