[Lxc-users] inexplicable effect when starting vnc4server (security hole?)
Daniel Lezcano
daniel.lezcano at free.fr
Thu Sep 8 12:41:21 UTC 2011
On 09/08/2011 02:12 PM, sfrazt wrote:
> Daniel Lezcano <daniel.lezcano at free.fr> schrieb am 8.09.11 13:56:
>>> My question is now: Where does this filename came from? Is it
>>> a security hole?
>>>
>> Is it possible that's coming from an environment variable ?
> You are absolutely right.
> The value comes from XAUTHORITY which is given to the container. Is it a
> wanted behaviour?
I suppose this is coming from sysv init which does not take care of
cleaning up the env variables (which is better because we can transmit
env variables from the host to the container).
Can you check XAUTHORITY is set in your container ? and ensure it is set
before the vncserver is launched ?
More information about the lxc-users
mailing list