[lxc-users] is starting unprivileged containers as root as secure as running them as any other user?
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Jan 13 21:49:52 UTC 2016
Quoting Carlos Alberto Lopez Perez (clopez at igalia.com):
> On 11/01/16 23:36, Serge Hallyn wrote:
> > The lxc-attach weakness I mentioned does not apply to 'lxc exec', because
> > lxd interposes a pty between your console and the container's.
>
> I understand that I could do the same (get a fresh PTY before attaching) with
> (for example): "screen lxc-attach ..." [1]
>
> Do you think it will be a good idea to patch lxc-attach to automatically do
> that (get a fresh PTY before attaching) ?
Yes, I'd really like someone to do that. It's on my list,
but that list is pretty long.
> Will this solve all know security issues regarding the usage of lxc-attach ?
I think so.
> Or there is something more than I'm missing other than the PTY vulnerability?
>
>
> Regards.
>
> [1] https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
More information about the lxc-users
mailing list