[Users] vzctl enter potentially dangerous
Dietmar Maurer
dietmar at proxmox.com
Tue Feb 16 04:04:36 EST 2010
Hi all,
On the following URL http://download.swsoft.com/virtuozzo...erence/386.htm I can read:
"However, be aware that vzctl enter is a potentially dangerous command if you have un-trusted users inside the Container. Your shell will have its file descriptors accessible for the Container root in the /proc filesystem and a malicious user could run ioctl calls on it. Never use vzctl enter for Containers you do not trust."
Is there a way to avoid that security problem? Is there an example exploit for above issue?
- Dietmar
More information about the Users
mailing list