[Bug 1949115] Re: default install of focal allows privilege escalation via lxd group
Alex Murray
1949115 at bugs.launchpad.net
Thu Nov 24 22:59:13 UTC 2022
That sounds like a great solution - but I wonder whether it will now break
things like snapcraft from working OOTB, which (the last time I tested
this, ~6 months ago) failed when using the unprivileged LXD setup (I
assume this is due to the way it passes the project contents through to
the container, but surely this could be changed to just use lxc file
push/pull etc. rather than mounting the CWD into the container).
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to user-setup in Ubuntu.
https://bugs.launchpad.net/bugs/1949115
Title:
default install of focal allows privilege escalation via lxd group
Status in user-setup package in Ubuntu:
Fix Committed
Bug description:
By default, a new installation of Ubuntu (at least I tried 20.04
Desktop, but I assume this applies to other variants/versions as well)
creates a user which is in the lxd group. When the lxd snap is also
installed, this user can now create privileged containers which
essentially allow trivial privilege elevation to root.
This might be a bug in lxd with privileged container creation
requiring full root, or it might be the case that the default user
should not be put into the lxd group out of the box, so I'm not sure
what's the best package to file this one against.
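An audit check for the condition the bug describes, added here as an example and not part of the original bug report or of any Ubuntu package: it lists every account that belongs to the lxd group, whether as a supplementary member in a group(5) file or through its primary GID in a passwd(5) file. The function names and the sample accounts are assumptions made for illustration; the sample data is constructed.

```shell
#!/bin/sh
# lxd_members GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Prints, one per line and sorted, every non-root account that is in
# GROUP_NAME (default: lxd). Checks both the supplementary member list
# and accounts whose primary GID is the group's GID, which a plain grep
# of the group file would miss.
lxd_members() {
    awk -F: -v grp="${3:-lxd}" '
        # First operand: group(5) lines, name:passwd:gid:member,member
        FILENAME == ARGV[1] {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") found[m[i]] = 1
            }
            next
        }
        # Second operand: passwd(5) lines, name:passwd:uid:gid:...
        gid != "" && $4 == gid { found[$1] = 1 }
        END { for (u in found) if (u != "root") print u }
    ' "$1" "$2" | sort -u
}

# Constructed sample data (not taken from a real system).
write_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
sudo:x:27:alice
lxd:x:132:alice,root
users:x:100:bob
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:100:Bob:/home/bob:/bin/bash
svc:x:998:132:service account:/var/lib/svc:/usr/sbin/nologin
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
lxd_members "$tmp/group" "$tmp/passwd"   # prints: alice, svc
rm -rf "$tmp"
```

On a live host, run `lxd_members /etc/group /etc/passwd`; per the bug description, each account it lists can create privileged containers when the lxd snap is installed.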