[Bug 1244635] [NEW] setuid executables in a container may compromise security on the host

2013-10-25 Thread Andrea Corbellini
*** This bug is a security vulnerability ***

Public security bug reported:

If I execute /var/lib/lxc/NAME/rootfs/usr/bin/sudo -i on the host system, it works exactly like /usr/bin/sudo -i. Now suppose that a user that has root access to the LXC container creates a flawed setuid executable. What
