[lxc-users] is starting unprivileged containers as root as secure as running them as any other user?
Carlos Alberto Lopez Perez
clopez at igalia.com
Wed Jan 13 09:57:32 UTC 2016
On 11/01/16 23:36, Serge Hallyn wrote:
> The lxc-attach weakness I mentioned does not apply to 'lxc exec', because
> lxd interposes a pty between your console and the container's.
I understand that I could do the same (get a fresh PTY before attaching) with
(for example): "screen lxc-attach ..." [1]
Do you think it will be a good idea to patch lxc-attach to automatically do
that (get a fresh PTY before attaching) ?
Will this solve all know security issues regarding the usage of lxc-attach ?
Or there is something more than I'm missing other than the PTY vulnerability?
Regards.
[1] https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 883 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160113/e2fc748e/attachment-0001.sig>
More information about the lxc-users
mailing list