|
Message-ID: <53A19CAF.8040408@redhat.com> Date: Wed, 18 Jun 2014 10:05:35 -0400 From: Daniel J Walsh <dwalsh@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: docker VMM breakout On 06/18/2014 09:39 AM, Sven Kieske wrote: > Am 18.06.2014 12:15, schrieb David Jorm: >> I tested libvirt via virsh and by default both CAP_DAC_READ_SEARCH and >> CAP_DAC_OVERRIDE are available (and thus the PoC does run). However, >> this default is well documented as is the general insecurity of libvirt >> in regards to DAC, so I don't think a CVE ID is required for libvirt. > I fail to see why this should be true. > On most distributions libvirt spawned vms do not run as root but as user > qemu or similar. > according to the documentation at: > http://libvirt.org/drvqemu.html#securitycap > > this should imply that libvirt drops these capabilities. > > Please correct me if I'm wrong. > > Why is this assumed a problem. CONTAINERS DO NOT CONTAIN. Root inside the container == Root outside the container. This is true in both libvirt-sandbox/libvirt-lxc and docker. We have a long way to go before we can run anything within a container without this rule. User Namespace, SELinux or other MAC are all required to get us near the point where Container Contain. People who run services within a container should continue to drop privs in the services and run them as UID!=0
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.