[Secure-testing-team] Bug#758643: lxc-create creates vulnerable system in default debian template
Ondřej Surý
ondrej at debian.org
Tue Aug 19 15:10:33 UTC 2014
Package: lxc
Version: 1:1.0.5-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
lxc-create will by default set the root password to 'root'.
This is a horrible practice and, together with the default installation of
openssh-server with PermitRootLogin yes, creates a security hole in each
and every container created and booted with an IP address.
Attached is a simple fix that generates a random password using the pwgen
package.
All other templates need to be checked as well.
Cheers,
Ondrej
diff --git a/debian/control b/debian/control
index 9a890a1..a5fa12c 100644
--- a/debian/control
+++ b/debian/control
@@ -17,6 +17,7 @@ Build-Depends:
linux-libc-dev,
pkg-config,
python3-dev,
+ pwgen
Standards-Version: 3.9.5
Homepage: http://linuxcontainers.org/
Vcs-Browser: http://daniel-baumann.ch/gitweb/?p=debian/packages/lxc.git
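Review bot: pwgen is added under Build-Depends (the field named in the hunk header), but the only use on this page is `password=$(pwgen 10 1)` in templates/lxc-debian.in, which runs when a container is created, not when the package is built. The dependency should go in the binary package's Depends so that pwgen is present wherever lxc-create runs; a build-time dependency alone leaves the template calling a command that may not be installed.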
$ cat debian/patches/0010-Generate-a-random-password-in-default-debian-templat.patch
From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ondrej at sury.org>
Date: Tue, 19 Aug 2014 17:08:16 +0200
Subject: Generate a random password in default debian template
---
templates/lxc-debian.in | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
index c2076dc..5cf928d 100644
--- a/templates/lxc-debian.in
+++ b/templates/lxc-debian.in
@@ -148,8 +148,10 @@ EOF
echo "Timezone in container is not configured. Adjust it manually."
fi
- echo "root:root" | chroot $rootfs chpasswd
- echo "Root password is 'root', please change !"
+ password=$(pwgen 10 1)
+
+ echo "root:$password" | chroot $rootfs chpasswd
+ echo "Root password is '$password', please change !"
return 0
}
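Review bot: the result of `password=$(pwgen 10 1)` is never checked, so if pwgen is missing or fails, the next line pipes `root:` with an empty password field into chpasswd and the function still reaches `return 0`. Test that `$password` is non-empty and return non-zero otherwise. Smaller points on the same lines: `pwgen 10 1` without `-s` produces pronounceable rather than fully random passwords, the generated password is echoed to the terminal where it can end up in logs or scrollback, and `$rootfs` is unquoted in the chroot call.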
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-rc6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages lxc depends on:
ii libapparmor1 2.8.0-5.1+b2
ii libc6 2.19-9
ii libcap2 1:2.24-4
ii libseccomp2 2.1.1-1
ii libselinux1 2.3-1
ii multiarch-support 2.19-9
ii python3 3.4.1-1
Versions of packages lxc recommends:
ii lua5.2 5.2.3-1
ii rsync 3.1.1-2
Versions of packages lxc suggests:
ii debootstrap 1.0.60
-- no debconf information
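An audit sketch for the condition this report describes, added here as an example and not part of the original report or of lxc: it flags a container root filesystem in which root has a password set and sshd_config has PermitRootLogin yes. The function names and the sample shadow and sshd_config contents are constructed for illustration; the check cannot tell whether the password is 'root', only that root password login over SSH is possible.

```sh
#!/bin/sh
# Added audit example; not part of the bug report or of lxc.
# Flags a container rootfs where root can log in over SSH with a password.

# Print the state of root's password field in ROOTFS/etc/shadow.
root_password_state() {
    [ -r "$1/etc/shadow" ] || { echo unknown; return 0; }
    field=$(awk -F: '$1 == "root" { print $2; exit }' "$1/etc/shadow")
    case "$field" in
        '')         echo empty ;;
        '!'*|'*'*)  echo locked ;;
        *)          echo set ;;
    esac
}

# Print the first global PermitRootLogin value (sshd uses the first one it
# reads). Simplification: parsing stops at the first Match block.
root_login_setting() {
    [ -r "$1/etc/ssh/sshd_config" ] || { echo no-sshd; return 0; }
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1/etc/ssh/sshd_config"
}

# Exit status 1 and an EXPOSED line when both conditions from the report hold.
audit_rootfs() {
    pw=$(root_password_state "$1")
    ssh=$(root_login_setting "$1")
    if [ "$ssh" = yes ] && [ "$pw" = set ]; then
        echo "EXPOSED $1 root-password=$pw PermitRootLogin=$ssh"
        return 1
    fi
    echo "ok $1 root-password=$pw PermitRootLogin=$ssh"
}

# Constructed sample rootfs: make_sample DIR SHADOW_FIELD SSH_VALUE
make_sample() {
    mkdir -p "$1/etc/ssh"
    printf 'root:%s:16301:0:99999:7:::\n' "$2" > "$1/etc/shadow"
    printf '# constructed sample\nPermitRootLogin %s\n' "$3" > "$1/etc/ssh/sshd_config"
}

demo=$(mktemp -d)
make_sample "$demo/template-default" '$6$saltsalt$constructedhash' yes
make_sample "$demo/locked-root" '!' yes
for r in "$demo"/*; do audit_rootfs "$r" || true; done
rm -rf "$demo"
```

On a real host, `audit_rootfs` would be pointed at each container's rootfs directory; a non-zero exit status marks the containers that need the root password changed or locked.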