[Bug 645625] [NEW] lxc container can power-off the host machine

Wed, 22 Sep 2010 15:45:37 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: lxc

Bug related information:
# lsb_release -rd
Description:    Ubuntu 10.04.1 LTS
Release:        10.04
# apt-cache policy lxc
lxc:
  Installed: 0.7.2-1~10.04~csz1
  Candidate: 0.7.2-1~10.04~csz1
  Version table:
 *** 0.7.2-1~10.04~csz1 0
        500 http://ppa.launchpad.net/cszikszoy/ppa/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status
     0.6.5-1 0
        500 http://mirror.switch.ch/ftp/mirror/ubuntu/ lucid/universe Packages

(NEVERMIND if I am using a PPA version: it's the same version you're
using in Maverick and I don't think this is causing the issue that I am
facing now).

I created a system image by using the tool "lxc-create" and by using the 
included templates (I even created images myself without this tool, nothing 
changes with this issue)
The tool makes all the steps to create the image (debootstrap and so on) and, 
at the end of the process, it creates a config file suitable for that image.
One of the last rows of the config file is:
lxc.mount.entry=proc /lxc/cont_1/rootfs/proc proc nodev,noexec,nosuid 0 0
same identical problem happens if I comment out this row and I mount /proc 
myself from /etc/fstab inside the container

The problem arises when I issue the command:
echo b > /proc/sysrq-trigger
In this case the host machine will power-off, and not the container.

It's possible to check what I said, without harming your server, just by 
running a sync command on the container: 
echo b > /proc/sysrq-trigger
and checking /var/log/messages on the host server.

Right now, I have no idea how to circumvent this issue, and if this
problem persist, I feel the security of LXC is heavily compromised.

** Affects: lxc (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
lxc container can power-off the host machine
https://bugs.launchpad.net/bugs/645625
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to