Does VncTerm have a security problem?

J

jonas

Renowned Member
Feb 15, 2010
1
0
66
On the following URL http://download.swsoft.com/virtuozzo/virtuozzo4.0/docs/en/lin/VzLinuxReference/386.htm I can read:
"However, be aware that vzctl enter is a potentially dangerous command if you have un-trusted users inside the Container. Your shell will have its file descriptors accessible for the Container root in the /proc filesystem and a malicious user could run ioctl calls on it. Never use vzctl enter for Containers you do not trust."

Is this a security problem that exist in Proxmox? If not, is the vzctl patched or how is it done to be more secure?
 
The VNC console is onyl suitable to setup a container. After that you should use ssh (or rdp for windows KVM´s) to access the container. But thank for that hint - I will ask on the openvz list how to avoid that problem.
 
Last edited by a moderator:
Just got a reply from the openvz team

The problem here is you open the tty/pty terminal pair between the HW and CT, and by using some terminal ioctls it is possible to do nasty things on host. We believe the issue is non-existent in vzctl since there are two pairs of tty/pty involved to not let the CT end control the host end.
Click to expand...
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back