[Bug 1191596] [NEW] Host user can kill process of different LXC user, if same userid
Serge Hallyn
1191596 at bugs.launchpad.net
Mon Jun 17 12:28:28 UTC 2013
> I noticed when running ps auxf on the host machine, that various processes were ascribed to the wrong users -- and surmised that it was just a result of what the host thought which names belonged to those userid's; but I hoped it wouldn't let me kill them as that user.
>
> So I su'd to normal user "dave" userid 1003 and was able to kill each of
> the websites daemons, which each had a name like "eebot" and were userid
> 1003.
>
> Surely this is undesirable behaviour!
The answer to this is user namespaces, which are scheduled to be feature
complete in our 14.04 release.
> PS. I'm half-tempted to call this a security vulnerability, but I'm
> not sure what exactly that applies to; as a system administrator I
> might consider it a security vulnerability, as user A can kill user
> B's stuff, if the userid's match that way.
We usually say that lxc, since Ubuntu Precise (12.04), prevents
accidental breakage of the host by the container, but does not
prevent malicious breakage. (That, again, is intended to be
addressed as far as possible by 14.04). You do bring up a point
which we usually forget to mention. Thanks for that.
Since we have the syslog bug open at high priority as well, and we
currently don't have a bug about the user namespace feature, I will
retitle this bug and mark it high priority.
importance: high
status: triaged
summary: "user namespaces are needed to protect container and host"
** Summary changed:
- Host user can kill process of different LXC user, if same userid
+ user namespaces are needed to protect container and host
** Changed in: lxc (Ubuntu)
Importance: Medium => High
** Changed in: lxc (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1191596
Title:
user namespaces are needed to protect container and host
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1191596/+subscriptions
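As an added defender-side check, not part of this bug report or of the lxc project, the following Python maps a container UID through the /proc/<pid>/uid_map format that user namespaces expose, so a host administrator can tell whether a container's uid 1003 really is the host's uid 1003 (the situation reported above) or has been shifted out of the host's UID space. The identity map, the 100000 offset and the host UID set used below are constructed sample values.

```python
"""Does a container process share the host's UID space?

Constructed example (not from the bug report or the lxc project): parses
the /proc/<pid>/uid_map format, "inside outside count" per line, and maps a
container-side UID to the host-side UID the kernel uses for kill(2) checks.
"""
from pathlib import Path
from typing import List, Optional, Set, Tuple

UidMap = List[Tuple[int, int, int]]
IDENTITY_MAP = "0 0 4294967295\n"   # what an un-namespaced process shows


def parse_uid_map(text: str) -> UidMap:
    """Parse uid_map text into (inside_start, outside_start, count) triples."""
    entries: UidMap = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                  # skip blank or malformed lines
        inside, outside, count = (int(f) for f in fields)
        entries.append((inside, outside, count))
    return entries


def to_host_uid(inside_uid: int, uid_map: UidMap) -> Optional[int]:
    """Translate a container UID to the host UID, or None if it is unmapped."""
    for inside, outside, count in uid_map:
        if inside <= inside_uid < inside + count:
            return outside + (inside_uid - inside)
    return None                       # unmapped: shows up as nobody (65534)


def is_isolated(uid_map_text: str) -> bool:
    """False when the map is the identity map, i.e. no UID shift at all."""
    return parse_uid_map(uid_map_text) != parse_uid_map(IDENTITY_MAP)


def collides_with_host(inside_uid: int, uid_map_text: str, host_uids: Set[int]) -> bool:
    """True when the container UID lands on a UID that host users also use."""
    host_uid = to_host_uid(inside_uid, parse_uid_map(uid_map_text))
    return host_uid is not None and host_uid in host_uids


if __name__ == "__main__":
    # Live check of the current process; host_uids is a constructed set here,
    # on a real host it would come from the host's passwd database.
    own_map = Path("/proc/self/uid_map").read_text()
    print("isolated user namespace:", is_isolated(own_map))
    print("uid 1003 collides with host:", collides_with_host(1003, own_map, {1003}))
```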