Tinker with root inside the namespace
It's a whole thing and a half, but with a lot of trickery, it might be doable: https://github.com/sevagh/namespace-experiments
What about the security issues of running root inside a boxxy container (if possible one day)?
If root inside a boxxy container could be possible, then an unprivileged user could use this to escalate privileges, for example by substituting /etc with a sudoers file inside or something. Can this be fixed by introducing restrictions on which directories can be remounted? For example, we could allow only dirs owned by the user to be remounted, or introduce blocklists of points that are not allowed to be remounted at all.
I'm asking because I'm going to develop a simplified setuid analog that allows root inside the container. And I want to avoid the vulnerabilities that come with it.
@queer Sorry for the ping
What about the security issues of running root inside a boxxy container (if possible one day)?
Yes, this is a possible concern. I don't know yet what a good fix would be as, quite honestly, I haven't yet run into a need for sudo inside of the container.
Can this be fixed by introducing restrictions on which directories can be remounted? For example, we could allow only dirs owned by the user to be remounted, or introduce blocklists of points that are not allowed to be remounted at all.
This is a possible fix, yes. I'm unsure what a good compromise on it would be as, e.g., there may be a genuine use-case for mounting over specific files in /etc.
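For concreteness, here is what the restriction proposed in this thread (remount only targets owned by the invoking user, plus a blocklist of paths that may never be mounted over) could look like as a pre-mount policy check. This is an added example written for this discussion, not boxxy's own code: the `MountPolicy` type, the default blocklist, the `Verdict` enum and the `/proc/self` trick for reading the caller's uid are all assumptions made here. The decision logic is kept pure (`evaluate`) so it can be tested without touching the filesystem, while `check` canonicalizes the requested path first so that `~/.config/../../etc/sudoers` or a user-owned symlink pointing into /etc is judged by its real location rather than the spelling the user supplied.

```rust
use std::fs;
use std::os::unix::fs::MetadataExt;
use std::path::{Component, Path, PathBuf};

/// Hypothetical remount policy for this example (not boxxy's code).
pub struct MountPolicy {
    /// Absolute directory prefixes that may never be mounted over,
    /// regardless of who owns them. Constructed list for the example.
    pub blocklist: Vec<PathBuf>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Verdict {
    Allowed,
    /// Path was not absolute and normalised (only canonical paths are judged).
    NotCanonical,
    /// Path lies under a blocklisted prefix (the prefix is returned).
    Blocklisted(PathBuf),
    /// Target exists but belongs to a different uid than the caller.
    NotOwnedByCaller { owner: u32, caller: u32 },
}

impl MountPolicy {
    /// Example blocklist: system directories whose contents influence
    /// privilege (sudoers, setuid binaries, PAM, kernel interfaces).
    pub fn default_policy() -> Self {
        let dirs = [
            "/etc", "/usr", "/bin", "/sbin", "/lib", "/lib64",
            "/boot", "/proc", "/sys", "/dev", "/root", "/var",
        ];
        MountPolicy { blocklist: dirs.iter().map(PathBuf::from).collect() }
    }

    /// Pure decision. `target` must already be canonical (absolute, no `..`
    /// or `.` components, symlinks resolved); `owner_uid` is the uid that owns
    /// it and `caller_uid` the user asking for the remount.
    pub fn evaluate(&self, target: &Path, owner_uid: u32, caller_uid: u32) -> Verdict {
        let normalised = target.is_absolute()
            && !target
                .components()
                .any(|c| matches!(c, Component::ParentDir | Component::CurDir));
        if !normalised {
            return Verdict::NotCanonical;
        }
        // Path::starts_with is component-wise, so "/etcetera" does not match "/etc".
        for prefix in &self.blocklist {
            if target.starts_with(prefix) {
                return Verdict::Blocklisted(prefix.clone());
            }
        }
        if owner_uid != caller_uid {
            return Verdict::NotOwnedByCaller { owner: owner_uid, caller: caller_uid };
        }
        Verdict::Allowed
    }

    /// Filesystem-backed check: resolve symlinks and `..` first, then stat the
    /// real location and apply the pure policy to it.
    pub fn check(&self, requested: &Path, caller_uid: u32) -> std::io::Result<Verdict> {
        let real = fs::canonicalize(requested)?;
        let meta = fs::symlink_metadata(&real)?;
        Ok(self.evaluate(&real, meta.uid(), caller_uid))
    }
}

fn main() {
    let args: Vec<String> = std::env::args().collect();
    let requested = args.get(1).map(String::as_str).unwrap_or("/etc/sudoers");
    // Uid of this process, read from the owner of /proc/self so no libc crate
    // is needed (Linux only; an assumption of this example).
    let caller_uid = fs::metadata("/proc/self").map(|m| m.uid()).unwrap_or(u32::MAX);
    match MountPolicy::default_policy().check(Path::new(requested), caller_uid) {
        Ok(verdict) => println!("{}: {:?}", requested, verdict),
        Err(err) => println!("{}: cannot inspect ({})", requested, err),
    }
}
```

Two design points worth noting. The ownership test and the blocklist are complementary: ownership alone would still let a user mount over any file they happen to own in a system path, and a blocklist alone would miss world-writable or other-user directories outside it. And the check only has value if it runs on the canonical path inside the same process that performs the mount; checking one path and mounting another (or racing a symlink swap between check and mount) defeats it, which is exactly the kind of trap a setuid-style helper has to design around.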