Comment 1 for bug 1261045

Revision history for this message
usrflo (sager) wrote :

I re-checked in detail, the execution of lxc-start is unproblematic since the init script is run inside the container.
But the execution of lxc-create -t sshd for the next container can be exploited.

Please correct in my bug report:

>>>
... So harm could be done to the host system at the next execution of lxc-create -t sshd.
<<<

For your re-test:

1) add "echo I am `id` on `hostname`" to the template lxc-sshd

2) exploit:
root@agiadm:/usr/lib/lxc/templates# lxc-create -n ssh2 -t sshd

No config file specified, using the default config
I am uid=0(root) gid=0(root) Gruppen=0(root) on agiadm
...
'sshd' template installed
'ssh2' created

3) no problem:
root@agiadm:/usr/lib/lxc/templates# lxc-start -n ssh2
I am uid=0(root) gid=0(root) Gruppen=0(root) on ssh2
/usr/lib/lxc/lxc-init ist /usr/lib/lxc/lxc-init