-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51564/#review147497
-----------------------------------------------------------




src/main/python/apache/aurora/executor/common/sandbox.py (line 239)
<https://reviews.apache.org/r/51564/#comment214675>

    This changes seems to come with a severe security risk. As an normal user, 
I can now gain root on any agent:
    
    * Prepare a docker/appc container with a manually crafted user with UID 0 
but with my role name.
    * Launch the container with said role name.
    * The sandbox code will bail out early here and don't proceed to create an 
unpriviledged user
    * Setuid will switch from root to my prepare custom user with root 
permissions
    * Game over  
    
    Unless someone can correct me here, that would be a -1 from my end.


- Stephan Erb


On Aug. 31, 2016, 10:56 p.m., Zhitao Li wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51564/
> -----------------------------------------------------------
> 
> (Updated Aug. 31, 2016, 10:56 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen, John Sirois, and Zameer Manji.
> 
> 
> Bugs: AURORA-1761
>     https://issues.apache.org/jira/browse/AURORA-1761
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Allow E_NAME_IN_USE in useradd/groupadd.
> 
> 
> Diffs
> -----
> 
>   src/main/python/apache/aurora/executor/common/sandbox.py 
> a172691e164cf64792f65f049d698f9758336542 
>   src/test/python/apache/aurora/executor/common/test_sandbox.py 
> 57ab39e2444100c3a689bb0ff745c62f7bc2f1a6 
> 
> Diff: https://reviews.apache.org/r/51564/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Zhitao Li
> 
>

Reply via email to