Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > On 11/01/16 23:36, Serge Hallyn wrote: > > The lxc-attach weakness I mentioned does not apply to 'lxc exec', because > > lxd interposes a pty between your console and the container's. > > I understand that I could do the same (get a fresh PTY before attaching) with > (for example): "screen lxc-attach ..." [1] > > Do you think it will be a good idea to patch lxc-attach to automatically do > that (get a fresh PTY before attaching) ?
Yes, I'd really like someone to do that. It's on my list, but that list is pretty long. > Will this solve all know security issues regarding the usage of lxc-attach ? I think so. > Or there is something more than I'm missing other than the PTY vulnerability? > > > Regards. > > [1] https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html > > _______________________________________________ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users