[Bug 1191596] [NEW] Host user can kill process of different LXC user, if same userid

Julian Haagsma jhaagsma at gmail.com
Sun Jun 16 22:30:07 UTC 2013 

Public bug reported:

Hi,

I'm setting up a webserver, and decided after some reading and
significant setup to contain various sites in their own LXC containers.

The websites have different sets of developers, and several have daemons
for which I created users.


Consequently, there is not a 1:1 match between users on the host and inside each LXC.


I noticed when running ps auxf on the host machine, that various processes were ascribed to the wrong users -- and surmised that it was just a result of what the host thought which names belonged to those userid's; but I hoped it wouldn't let me kill them as that user.

So I su'd to normal user "dave" userid 1003 and was able to kill each of
the websites daemons, which each had a name like "eebot" and were userid
1003.


Surely this is undesirable behaviour!

I have since added duplicate daemon userid's and moved them into the 996
range so normal users won't likely accidentally overlap, but I think
there should be a way to prevent regular host users from killing
processes inside LXC that coincidentally happen to have the same userid.


I also noticed, for example, when running ps auxf, that the mysql user in the LXC's have the same userid as "colord" on the host, for the same reasons.  While this is probably not a huge deal, there could easily be a situation where this was undesirable.


As an addendum, the reason I have the users added on the host is so they can SSH to it, and then into their respective LXC environments.


PS. I'm half-tempted to call this a security vulnerability, but I'm not sure what exactly that applies to; as a system administrator I might consider it a security vulnerability, as user A can kill user B's stuff, if the userid's match that way.


--------------
$ lsb_release -rd
Description:	Ubuntu 12.04.2 LTS
Release:	12.04

$ apt-cache policy lxc
lxc:
  Installed: 0.7.5-3ubuntu67
  Candidate: 0.7.5-3ubuntu67
  Version table:
     0.8.0~rc1-4ubuntu39.12.10.2~ubuntu12.04.1 0
        100 http://mirror.peer1.net/ubuntu/ precise-backports/universe amd64 Packages
 *** 0.7.5-3ubuntu67 0
        500 http://mirror.peer1.net/ubuntu/ precise-updates/universe amd64 Packages
        100 /var/lib/dpkg/status
     0.7.5-3ubuntu52 0
        500 http://mirror.peer1.net/ubuntu/ precise/universe amd64 Packages

** Affects: lxc (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1191596

Title:
  Host user can kill process of different LXC user, if same userid

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1191596/+subscriptions

More information about the Ubuntu-server-bugs mailing list