Comment 5 for bug 1829071
Revision history for this message
| Stéphane Graber (stgraber) wrote Re: [Bug 1829071] [NEW] Privilege escalation via LXD (local root exploit) | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
eee2d0b
(Get the code!)
The logic is based (as in copy/pasted) from what was done for libvirt
with libvirtd offering similar privileges to lxd as far as being able to
quickly become root on the system.
If this is considered to be an actual issue, then we need to look at all
packages in the archive which rely on the same logic to add existing
users of the admin & sudo groups into their own group for interaction
with a privileged daemon that can allow escalation to root.
Worth noting that the LXD snap while it does create the group, doesn't
add users to it (as finding a suitable base group that works on all
distros proved difficult).