Does VncTerm have a security problem?

jonas

Feb 15, 2010
On the following URL http://download.swsoft.com/virtuozzo/virtuozzo4.0/docs/en/lin/VzLinuxReference/386.htm I can read:
"However, be aware that vzctl enter is a potentially dangerous command if you have un-trusted users inside the Container. Your shell will have its file descriptors accessible for the Container root in the /proc filesystem and a malicious user could run ioctl calls on it. Never use vzctl enter for Containers you do not trust."

Is this a security problem that exists in Proxmox? If not, is the vzctl patched or how is it done to be more secure?
 
The VNC console is only suitable to set up a container. After that you should use ssh (or rdp for Windows KVMs) to access the container. But thanks for that hint - I will ask on the openvz list how to avoid that problem.
 
Just got a reply from the openvz team

The problem here is you open the tty/pty terminal pair between the HW and CT, and by using some terminal ioctls it is possible to do nasty things on the host. We believe the issue is non-existent in vzctl since there are two pairs of tty/pty involved to not let the CT end control the host end.
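
The two-pair arrangement described in the reply above can be modelled as follows. This is an added example, not part of the thread and not vzctl's or Proxmox's code: the process standing in for the untrusted side is started on a freshly allocated pty pair, and the parent only relays bytes, so the child never holds a descriptor for the operator's own terminal. It assumes Linux with `/dev/pts` mounted; `run_on_second_pty`, `child_terminal` and `CHILD` are hypothetical names.

```python
import os, pty, select, subprocess, sys

# Constructed stand-in for the untrusted side: reports which terminal it holds.
CHILD = [sys.executable, "-c", "import os; print(os.ttyname(0))"]

def run_on_second_pty(argv, timeout=5.0):
    """Run argv on a freshly allocated pty pair and relay its output as bytes.

    The child only ever receives the slave of the new pair; the operator's
    own terminal descriptors are not passed to it (close_fds=True).
    Returns (relayed_output, name_of_new_slave).
    """
    master, slave = pty.openpty()
    slave_name = os.ttyname(slave)
    proc = subprocess.Popen(argv, stdin=slave, stdout=slave, stderr=slave,
                            close_fds=True, start_new_session=True)
    os.close(slave)                      # parent keeps only the master end
    out = b""
    while True:
        ready, _, _ = select.select([master], [], [], timeout)
        if not ready:
            break
        try:
            chunk = os.read(master, 4096)
        except OSError:                  # Linux returns EIO once the slave is closed
            break
        if not chunk:
            break
        out += chunk
    proc.wait()
    os.close(master)
    return out, slave_name

def child_terminal():
    """Return (tty the child saw, tty we allocated, operator tty or None)."""
    out, slave_name = run_on_second_pty(CHILD)
    operator_tty = os.ttyname(0) if os.isatty(0) else None
    return out.decode().strip(), slave_name, operator_tty

if __name__ == "__main__":
    seen, allocated, operator = child_terminal()
    print("child terminal:   ", seen)
    print("allocated pty:    ", allocated)
    print("operator terminal:", operator)
```

Run from an interactive shell, the child's terminal matches the allocated pty and differs from the operator's terminal, which is the separation the reply relies on.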