Comment 3 for bug 1639345

Stéphane Graber (stgraber) wrote :

Thanks for the report.

As you mentioned, LXC 2.0 is now using an intermediate PTS pair to avoid attacks against the host TTY. We're also meant to be using our own copy of proc during attach, but apparently have missed a couple of places.

It's certainly our goal that lxc-attach shouldn't rely on any information coming from inside the container, as that can indeed be modified by the user to attack a root process attaching to the container.