Public bug reported:
Currently we wget the ubuntu-cloud template without any integrity
verification. We then proceed to execute binaries like /bin/passwd
while still in the ubuntu-cloud template (in a chroot, but without any
effective containment). We should be verifying that the image we
download has not been tampered with.
** Affects: lxc (Ubuntu)
Importance: Medium
Assignee: Scott Moser (smoser)
Status: Triaged
** Changed in: lxc (Ubuntu)
Status: New => Triaged
** Changed in: lxc (Ubuntu)
Importance: Undecided => Medium
** Changed in: lxc (Ubuntu)
Assignee: (unassigned) => Scott Moser (smoser)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1182458
Title:
ubuntu-cloud template: use simplestreams to add integrity verification
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1182458/+subscriptions
--
Ubuntu-server-bugs mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
