Tinker with root inside the namespace

[queer]

It's a whole thing and a half, but with a lot of trickery, it might be doable: https://github.com/sevagh/namespace-experiments

[asciimoth]

What about the security issues of running root inside boxxy container(if possible one day)?

If root inside boxxy container could be possible, then an unprivileged user could use this to escalate privileges, for example by substituting /etc with sudoders inside or something.
Can this be fixed by introducing restrictions on which directories can be remounted?
For example, we could allow only dirs owned by user to be remounted, or introduce blocklists of points that are not allowed to be remounted at all.

I'm asking because I'm going to develop a simplified setuid analog that allows root inside the container. And I want to avoid the vulnerabilities that come with it.

[asciimoth]

@queer
Srry for ping

[queer]

What about the security issues of running root inside boxxy container(if possible one day)?

Yes, this is a possible concern. I don't know yet what a good fix would be as, quite honestly, I haven't yet run into a need for sudo inside of the container.

Can this be fixed by introducing restrictions on which directories can be remounted?
For example, we could allow only dirs owned by user to be remounted, or introduce blocklists of points that are not allowed to be remounted at all.

This is a possible fix, yes. I'm unsure what a good compromise on it would be as ex. there may be a genuine use-case for mounting over specific files in /etc.