Thanks, Mike. That was all I was looking for. Possible, but less likely
than any other problem that we'd have to mitigate in production.

Dustin
On Nov 6, 2013 3:18 PM, "Michael H. Warfield" <m...@wittsend.com> wrote:

> On Wed, 2013-11-06 at 12:41 -0500, Dustin Oprea wrote:
> > I'm a newcomer to LXC. I'm aware of the security disclaimers behind
> > using an LXC (such as access to the same sysfs as the host), but is it
> > also fair to say that it's just as likely for a rogue application
> > inside a container to cause a kernel panic or some kind of disastrous
> > segfault that will destabilize the host?
>
> I don't really think the question is quantifiable or answerable in a
> formal or definitive way.  But I'll give you my arguments to the
> contrary.
>
> I haven't really run into a rogue application causing a kernel oops or
> panic in years, and I've had plenty of experience diagnosing panics and
> oopses in the past.  Not to say it can't happen, but it does indicate a
> kernel bug and, as such, a security issue in the kernel.  The kernel is
> supposed to protect itself from such "rogue" behavior.  But, there's
> always something and, as a professional security researcher, I'm well
> aware of that.
>
> As such, it's no MORE likely in a container than running on the host, and
> it's entirely possible that the container namespace isolation could
> convey some protection against a number of areas where such a thing
> could arise.
>
> If you're comparing it to things like shared proc, sysfs, or devtmpfs, I
> do see those issues show up (systemd and devtmpfs being my primary
> example and PITA) but have never seen a rogue container application, on
> its own, do much more than resource starvation (I've got a container
> with a mysql process that occasionally sends my load average into lala
> land).
>
> So, my response would be no, it's not "just as likely" for the simple
> reason that kernel security bugs that would allow it are much less
> likely than configuration collisions that allow conflicts over proc,
> sysfs, or devtmpfs.
>
> Possible - yes.  Likely - no.  As likely - no.
>
> > Dustin Oprea
> >
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  m...@wittsend.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>
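Mike's reply points at the two things that actually bite in practice: resource starvation (the mysql container eating the load average) and configuration collisions over proc, sysfs, and devtmpfs. The script below is an added example, not code from this thread or from the LXC project. It audits an LXC container config for the settings that address both: cgroup memory/CPU limits, and `lxc.mount.auto` with `sys:ro` and `proc:mixed` rather than plain read-write mounts. The config keys are the LXC 1.0-era names (`lxc.cgroup.memory.limit_in_bytes`, `lxc.cgroup.cpu.shares`, `lxc.mount.auto`); the two config files are constructed inline for the demonstration, and the hypothetical container names `db1` and `db2` are assumptions.

```shell
#!/bin/sh
# Added example: audit LXC container configs for starvation and
# proc/sysfs mitigations.  Both configs below are constructed for this
# example; db1/db2 are hypothetical containers.

GOOD=$(mktemp)
BAD=$(mktemp)
trap 'rm -f "$GOOD" "$BAD"' EXIT

cat > "$GOOD" <<'EOF'
lxc.utsname = db1
lxc.rootfs = /var/lib/lxc/db1/rootfs
# /proc partly read-only, /sys read-only: limits collisions with the host
lxc.mount.auto = proc:mixed sys:ro
# cgroup limits: a runaway process cannot starve the host
lxc.cgroup.memory.limit_in_bytes = 2G
lxc.cgroup.cpu.shares = 512
lxc.cap.drop = sys_admin sys_module
EOF

cat > "$BAD" <<'EOF'
lxc.utsname = db2
lxc.rootfs = /var/lib/lxc/db2/rootfs
# writable /proc and /sys, and no cgroup limits at all
lxc.mount.auto = proc:rw sys:rw
EOF

# cfg_get FILE KEY: print the value of KEY (last occurrence wins), or nothing.
cfg_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for sed
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# has_word VALUE WORD: succeed if WORD is one of the space-separated tokens.
has_word() {
    for w in $1; do
        [ "$w" = "$2" ] && return 0
    done
    return 1
}

# check_starvation FILE: succeed only if both a memory limit and a CPU
# share are configured, so one container cannot take the whole host.
check_starvation() {
    [ -n "$(cfg_get "$1" lxc.cgroup.memory.limit_in_bytes)" ] || return 1
    [ -n "$(cfg_get "$1" lxc.cgroup.cpu.shares)" ] || return 1
    return 0
}

# check_sysfs FILE: succeed only if /sys is read-only and /proc is the
# "mixed" mount (sensitive entries like /proc/sys read-only).
check_sysfs() {
    auto=$(cfg_get "$1" lxc.mount.auto)
    has_word "$auto" sys:ro || return 1
    has_word "$auto" proc:rw && return 1
    has_word "$auto" proc:mixed || return 1
    return 0
}

# audit FILE: print one line per check; succeed only if all checks pass.
audit() {
    rc=0
    name=$(cfg_get "$1" lxc.utsname)
    if check_starvation "$1"; then echo "$name: cgroup limits: ok"
    else echo "$name: cgroup limits: MISSING"; rc=1; fi
    if check_sysfs "$1"; then echo "$name: proc/sys mounts: ok"
    else echo "$name: proc/sys mounts: WRITABLE"; rc=1; fi
    return $rc
}

audit "$GOOD"
audit "$BAD" || true
```

Run it against a real config with `audit /var/lib/lxc/NAME/config`. A CPU share only weights the container against its neighbours; pair it with `lxc.cgroup.cpuset.cpus` if you need a hard ceiling, and remember that a missing memory limit is exactly the "load average into lala land" case from the thread.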
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
