Problem is because C LXC ABI is unstable and would prevent building docker under osx or win. ALso under linux you would need at least sources for liblxc(they are different for each distribution) and unstable docker daemon which is locked to specific distribution with specific version of LXC ABI is a bad thing.
Why is this a problem at all? There is no user supplied input here. There is some string mangling in commands below, but it looks like none of it can be manipulated by a malicious user. It's not a security issue. It sounds like OP just thinks that subprocesses are icky.
Well, not necessarily. It would be much less of a problem if a) a full path name were provided and b) care was taken to ensure that the path name separator had not been overridden.
As written, or with 'a' but not 'b', there may be a possibility of an attacker manipulating $PATH to cause their own identically-named executable to be invoked with Docker's own privileges.
7 comments
[ 1.8 ms ] story [ 37.7 ms ] threadAs written, or with 'a' but not 'b', there may be a possibility of an attacker manipulating $PATH to cause their own identically-named executable to be invoked with Docker's own privileges.