Hello Romain

On Mon, 10 Apr 2023 17:11:40 +0200 Romain Francoise <rfranco...@debian.org> wrote:
Hi,

On Fri, Mar 3, 2023 at 9:45 AM Gianfranco Costamagna
<locutusofb...@debian.org> wrote:
> +  # allow printing to stdout/stderr when inside a container
> +  # (LP: #1667016)
> +  /dev/pts/* rw,
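
Review bot: The `/dev/pts/* rw,` rule is broader than the comment above it justifies. The comment gives the purpose as printing to stdout/stderr, which is a write operation, yet the rule also grants read, and the `*` glob covers every pty under /dev/pts rather than only the one the process is attached to. Consider whether `w` alone is sufficient for the LP: #1667016 case, and extend the comment to state why read access and the full glob are required if they are.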

Thank you for reporting this issue, and the patch. While the change is
indeed trivial, giving unfettered rw access to /dev/pts/* is a high
price to pay in terms of weakening the sandbox for an uncommon use
case. With access to /dev/pts, an attacker can access SSH sessions and
other terminals.

Is there any way this could be fixed on the LXD side, or made more restrictive?


Sadly I don't know and I'm not aware of any. If you want, you can directly discuss on

https://bugs.launchpad.net/debian/+source/tcpdump/+bug/1667016

maybe we can find a better agreement on it?

G.
