[Lxc-users] System destabilization

Michael H. Warfield mhw at WittsEnd.com
Wed Nov 6 20:17:24 UTC 2013


On Wed, 2013-11-06 at 12:41 -0500, Dustin Oprea wrote: 
> I'm a newcomer to LXC. I'm aware of the security disclaimers behind
> using an LXC (such as access to the same sysfs as the host), but is it
> also fair to say that it's just as likely for a rogue application
> inside a container to cause a kernel panic or some kind of disastrous
> segfault that will destabilize the host?

I don't really think the question is quantifiable or answerable in a
formal or definitive way.  But I'll give you my arguments to the
contrary.

I haven't really run into a rogue application causing a kernel oops or
panic in years and I've had plenty of experience diagnosing panics and
oopses in the past.  Not to say it can't happen, but it does indicate a
kernel bug and, as such, a security issue in the kernel.  The kernel is
supposed to protect itself from such "rogue" behavior.  But, there's
always something and, as a professional security researcher, I'm well
aware of that.

As such, it's no MORE likely in a container than running on the host and
it's entirely possible that the container namespace isolation could
convey some protection against a number of areas where such a thing
could arise.

If you're comparing it to things like shared proc, sysfs, or devtmpfs, I
do see those issues show up (systemd and devtmpfs being my primary
example and PITA) but have never seen a rogue container application, on
its own, do much more than resource starvation (I've got a container
with a mysql process that occasionally sends my load average into lala
land).

So, my response would be no, it's not "just as likely" for the simple
reason that kernel security bugs that would allow it are much less
likely than configuration collisions that allow conflicts over proc,
sysfs, or devtmpfs.

Possible - yes.  Likely - no.  As likely - no.

> Dustin Oprea
> 
Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!