I've reviewed lxcfs 0.7-0ubuntu2 in Vivid. Due to time constraints, this
should not be considered a full audit. I focused on common mistakes in C
and any interesting pieces of code that caught my eye. Here are some of
the more important pieces from my notes:

* lxcfs provides "A cgroupfs-like tree which is container aware and
  works using CGManager." and "A set of files which can be bind-mounted
  over their /proc originals to provide CGroup-aware values."
* No CVE history (the project is very young)
* Minimal build deps (libcgmanager and libfuse are the only notables)
* lxcfs is a root owned fuse daemon
  - Uses libfuse to daemonize
* Test suite consists of two simple tests (one for the cgroup subdir and
  one for the proc subdir) that are packaged as autopkgtests
* Packaging is clean and simple
* The build is clean

There is one issue that could be addressed:
* Technically, the memory pointed to by the 'd' pointer is never freed from
  main() in lxcfs.c. This is not an issue in practice but would be nice to
  silence the warning from cppcheck and probably other checkers.

There is one issue that must be addressed:
* In many of the lxcfs_ops functions, the matching of the /cgroup path
  component is a little off. The strncmp() is limited to only the first 7 chars
  and then there's nothing in pick_controller_from_path() verifying that the
  8th char is a '/'. This results in "/cgroup@freezer/a/b" being treated as a
  valid path.

There is one open question that I have:
* In pid_to_ns_wrapper(), you access /proc/<PID>/ns/pid, where <PID> comes from
  the struct fuse_context that is initially passed into lxcfs_read(). Is that
  process pinned for the lifetime of the lxcfs_read() or could it be recycled
  in the middle of the lxcfs_read()? We need to be sure that
  pid_to_ns_wrapper() is not accessing the ns of a recycled pid.

Once the "/cgroup" strncmp() matching issue is fixed and
pid_to_ns_wrapper() is deemed safe, lxcfs gets a Security Team ack for
main. It is a complex solution for a complicated problem but I'm very
confident that the containers team will quickly address any issues
discovered in the future. Thanks!

** Changed in: lxcfs (Ubuntu)
Assignee: Tyler Hicks (tyhicks) => Stéphane Graber (stgraber)
--
https://bugs.launchpad.net/bugs/1413405
Title:
[MIR] lxcfs
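
The "/cgroup" prefix-matching issue described in the review, shown as an added example that is not part of the original message and is not lxcfs source code. The function names are hypothetical, and the sample paths other than "/cgroup@freezer/a/b" are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CGROUP_PREFIX     "/cgroup"
#define CGROUP_PREFIX_LEN (sizeof(CGROUP_PREFIX) - 1)   /* 7 bytes */

/* Loose match as described in the review: only the first 7 bytes are
 * compared, so any path that merely starts with "/cgroup" is accepted. */
static bool is_cgroup_path_loose(const char *path)
{
    return strncmp(path, CGROUP_PREFIX, CGROUP_PREFIX_LEN) == 0;
}

/* Strict match: "/cgroup" must be a whole path component, so the 8th
 * byte has to be '/' or the end of the string. Reading path[7] is safe
 * because a successful 7-byte match means bytes 0..6 are non-NUL. */
static bool is_cgroup_path_strict(const char *path)
{
    if (strncmp(path, CGROUP_PREFIX, CGROUP_PREFIX_LEN) != 0)
        return false;
    return path[CGROUP_PREFIX_LEN] == '\0' || path[CGROUP_PREFIX_LEN] == '/';
}

/* Hypothetical helper: return the controller component that follows
 * "/cgroup/" and store its length in *len, or NULL if there is none. */
static const char *controller_component(const char *path, size_t *len)
{
    if (!is_cgroup_path_strict(path) || path[CGROUP_PREFIX_LEN] == '\0')
        return NULL;
    const char *start = path + CGROUP_PREFIX_LEN + 1;
    *len = strcspn(start, "/");
    return *len ? start : NULL;
}

int main(void)
{
    /* Constructed sample paths; the second one is quoted in the review. */
    const char *samples[] = { "/cgroup/freezer/a/b", "/cgroup@freezer/a/b",
                              "/cgroup", "/cgroups/x", "/proc/meminfo" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-22s loose=%d strict=%d\n", samples[i],
               is_cgroup_path_loose(samples[i]),
               is_cgroup_path_strict(samples[i]));
    return 0;
}
```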