[Lxc-users] inexplicable effect when starting vnc4server (security hole?)

Daniel Lezcano daniel.lezcano at free.fr
Thu Sep 8 11:56:32 UTC 2011


On 09/07/2011 10:06 AM, sfrazt wrote:
> hi,
>
> I run lxc under debian sid with lxc version 0.7.5.1.
> I run a debian like system in lxc container and vnc4server inside.
> Therefore I have created a user.
>
> The effect is this: if I start vnc4user manually as user with
>
>     vnc4server :1 -geometry 800x600
>
> ps -aux shows as running command
>
>     Xvnc4 :1 -desktop b:1 (lxcuser) -auth /home/lxcuser/.Xauthority -geometry...
>
> I get the same when I type as root
>     su - lxcuser -c "vnc4server :1 -geometry 800x600"
>
> But when I put the line
>     su - lxcuser -c "vnc4server :1 -geometry 800x600 2>/dev/null"
> into my container rc.local (so it is autoexecuted at boot)
> ps -aux shows
>
>     Xvnc4 :1 -desktop b:1 (lxcuser) -auth /var/run/gdm3/auth-for-HOSTUSER-6czu0s/database -geometry...
>
> The problem is that HOSTUSER (my user account at host system)
> and gdm3 and the file should not exist (and don't exist)
> in the container. In the whole container there is no text where
> this filename appears.
>
> My question is now: Where does this filename come from? Is it
> a security hole?
>
Is it possible that's coming from an environment variable?
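
Added example, not part of the original thread: one way to test the environment-variable hypothesis from inside the container is to parse a process's `/proc/<pid>/environ` and flag variables whose absolute paths do not exist in the container's filesystem. The function names are hypothetical, and the sample data is constructed from the path quoted above, with `XAUTHORITY` assumed as the variable name for illustration.

```python
import os
import sys

def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated NAME=VALUE block found in /proc/<pid>/environ."""
    env = {}
    for entry in raw.split(b"\0"):
        if not entry or b"=" not in entry:
            continue  # skip the trailing empty entry and malformed items
        name, _, value = entry.partition(b"=")
        env[name.decode(errors="replace")] = value.decode(errors="replace")
    return env

def dangling_paths(env: dict, exists=os.path.exists) -> dict:
    """Return {name: [paths]} for variables naming absolute paths that are
    missing from this filesystem view (candidates inherited from outside)."""
    findings = {}
    for name, value in sorted(env.items()):
        # Values may be colon-separated lists (PATH-style); check each part.
        missing = [p for p in value.split(":")
                   if p.startswith("/") and not exists(p)]
        if missing:
            findings[name] = missing
    return findings

# Constructed sample: an environment as the container's boot scripts might
# see it if the host session's variables were inherited (assumption).
SAMPLE = (b"HOME=/home/lxcuser\0"
          b"PATH=/usr/bin:/bin\0"
          b"DISPLAY=:1\0"
          b"XAUTHORITY=/var/run/gdm3/auth-for-HOSTUSER-6czu0s/database\0")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage inside the container: script.py <pid>
        with open(f"/proc/{sys.argv[1]}/environ", "rb") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE
    for name, paths in dangling_paths(parse_environ(raw)).items():
        print(f"{name}: {', '.join(paths)} (not present in this filesystem)")
```

Run it as root inside the container against the PID of the container's init or of the `Xvnc4` process started from rc.local; reading another user's `/proc/<pid>/environ` requires matching privileges.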



