Hello everybody,
this is my first post so I'm not sure whether it's the right place to ask. So if it's preferred to discuss things in a more private place please delete this and drop me a pm with the correct contact to discuss this..
First I want to say that I like the proxmox stack (PVE + PBS) very much I'm using it to setup my own little homelab and loving it.
Now I have stumbled across the following, which I probably misunderstood. I would greatly appreciate any hint on the nature of my misreasoning.
When I created my first lxc containers I noticed the templates library with alpine, debian etc. Although this is quite useful I noticed something which give me some pause:
When I download a container with this function it lands in my local storage with root:root so It looks like the actual download is done as a root user. This would worry me a bit since this might lead to a situation where somebody could download a malicious template with root privileges.
On the other hand pveproxy run as www-data which is propably the user the web interface is running under and thus also downloading the templates as www-data before changing the owner and group to root. I tried to look it up in the source and find out that the pveam command line tool seems to do the actual download but since I have no skills in perl I wasn't any wiser.
So the question is: Am I totally paranoid or is this a possible problem? After all in every other aspect my impression is, that the proxmox team deeply cares about security so I assume that I'm wrong. How exactly and under which user does pveam (or whatever piece of code does the template downloading and installing) run?
Many thanks in advance and best regards, Johannes
this is my first post so I'm not sure whether it's the right place to ask. So if it's preferred to discuss things in a more private place please delete this and drop me a pm with the correct contact to discuss this..
First I want to say that I like the proxmox stack (PVE + PBS) very much I'm using it to setup my own little homelab and loving it.
Now I have stumbled across the following, which I probably misunderstood. I would greatly appreciate any hint on the nature of my misreasoning.
When I created my first lxc containers I noticed the templates library with alpine, debian etc. Although this is quite useful I noticed something which give me some pause:
When I download a container with this function it lands in my local storage with root:root so It looks like the actual download is done as a root user. This would worry me a bit since this might lead to a situation where somebody could download a malicious template with root privileges.
On the other hand pveproxy run as www-data which is propably the user the web interface is running under and thus also downloading the templates as www-data before changing the owner and group to root. I tried to look it up in the source and find out that the pveam command line tool seems to do the actual download but since I have no skills in perl I wasn't any wiser.
So the question is: Am I totally paranoid or is this a possible problem? After all in every other aspect my impression is, that the proxmox team deeply cares about security so I assume that I'm wrong. How exactly and under which user does pveam (or whatever piece of code does the template downloading and installing) run?
Many thanks in advance and best regards, Johannes
