User IDs and OpenVZ - something you should really consider fixing [message #21747]
Mon, 15 October 2007 20:00
devonblzx
Something I noticed today. I have been running under OpenVZ for a while now and have not run into any major issues, but recently I was running commands under a user I made on the main node, and when I typed killall -9 process, I thought all was well because it was just a regular user, so nothing bad should have happened. Little did I know the way OpenVZ reads user IDs. Apparently, when I ran that under my user (user ID 501), it killed every single one of those processes in the VPSes that had them running under user ID 501. It was a screen that I killed, and I could not figure out why it was happening to this user until I decided to do a ps on the system.
When I ran "ps ax | grep user", it showed my username owning all the processes inside the VPSes owned by user 501. This means my regular user had access to kill every single process running under that UID inside any VPS.
I guess I had never noticed this before because I don't usually do much with my username on the VPS nodes, but this just doesn't seem very secure.
ByteOnSite President
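
A check an administrator could run on the hardware node to see which processes owned by a given UID actually live inside containers, as an added example that is not part of the original post. It assumes the OpenVZ kernel's `envID` field in `/proc/<pid>/status` (0 for the node itself); the function names and the sample process data are constructed for illustration.

```python
import os
from collections import defaultdict

def parse_status(text):
    """Return (name, real_uid, env_id) from one /proc/<pid>/status body."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    uid = int(fields["Uid"].split()[0])  # first of the four values is the real UID
    # Assumption: envID is added by the OpenVZ kernel; absent means the node (0).
    env_id = int(fields.get("envID", "0"))
    return fields.get("Name", "?"), uid, env_id

def container_procs_for_uid(statuses, uid):
    """Map container ID -> [(pid, name)] for processes that have this UID,
    run inside a container (envID != 0) and are visible from the node."""
    hits = defaultdict(list)
    for pid, text in statuses.items():
        name, proc_uid, env_id = parse_status(text)
        if proc_uid == uid and env_id != 0:
            hits[env_id].append((pid, name))
    return dict(hits)

def read_proc(root="/proc"):
    """Collect status bodies on a live node; processes that exit are skipped."""
    out = {}
    for entry in os.listdir(root):
        if entry.isdigit():
            try:
                with open(os.path.join(root, entry, "status")) as fh:
                    out[int(entry)] = fh.read()
            except OSError:
                continue
    return out

# Constructed sample: one node process and several container processes.
SAMPLE = {
    4100: "Name:\tscreen\nUid:\t501\t501\t501\t501\nenvID:\t0\n",
    7312: "Name:\tscreen\nUid:\t501\t501\t501\t501\nenvID:\t101\n",
    7390: "Name:\tbash\nUid:\t501\t501\t501\t501\nenvID:\t101\n",
    8120: "Name:\tscreen\nUid:\t501\t501\t501\t501\nenvID:\t102\n",
    8200: "Name:\thttpd\nUid:\t48\t48\t48\t48\nenvID:\t102\n",
}

if __name__ == "__main__":
    for ctid, procs in sorted(container_procs_for_uid(SAMPLE, 501).items()):
        print(f"CT {ctid}: {procs}")
```

On a live node, pass `read_proc()` instead of `SAMPLE`; any UID that returns a non-empty result is one whose node-side account overlaps with accounts inside containers.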