[Bug 1949115] Re: default install of focal allows privilege escalation via lxd group

Alex Murray 1949115 at bugs.launchpad.net
Thu Nov 24 22:59:13 UTC 2022


That sounds like a great solution - but I wonder that it will now break
things like snapcraft from working OOTB (from the last time I tested
this ~6 months ago) failed when using the unprivileged LXD setup (I
assume this is due to the way it passes the project contents through to
the container but surely this could be changed to just use lxc file
push/pull etc rather than mounting the CWD into the container)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to user-setup in Ubuntu.
https://bugs.launchpad.net/bugs/1949115

Title:
  default install of focal allows privilege escalation via lxd group

Status in user-setup package in Ubuntu:
  Fix Committed

Bug description:
  By default, a new installation of Ubuntu (at least I tried 20.04
  Desktop, but I assume this applies to other variants/versions as well)
  create a user which is in the lxd group. When the lxd snap is also
  installed, this user can now create privileged containers which
  essentially allow trivial privilege elevation to root.

  This might be a bug in lxd with privileged container creation
  requiring full root, or it might be the case that the default user
  should not be put into the lxd group out of the box, so I'm not sure
  what's the best package to file this one against.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/user-setup/+bug/1949115/+subscriptions




More information about the foundations-bugs mailing list