[Bug 1244635] Re: setuid executables in a container may compromise security on the host

Andrea Corbellini corbellini.andrea at gmail.com
Sat Oct 26 08:11:46 UTC 2013


> I also don't feel that this is a high priority bug since, so far, we
> do not recommend allowing unprivileged users to use containers.

Agreed. Especially because (currently) it's fairly easy to escape from
LXC when you have root access to the container.

> I don't believe it would be a serious loss of functionality to chmod 0700 /var/lib/lxc.
> ...
> So I think a regular update in trusty with SRUs to all previous releases is ok.

I've used this functionality many times in the past. While I can do
without it in exchange for security, some people may have written
scripts that depend on this functionality, hence an SRU would be nasty
for them.

My personal opinion is: LXC is insecure and it does not deserve
potentially dangerous security updates in stable releases.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1244635

Title:
  setuid executables in a container may compromise security on the host
