Re: [Qemu-devel] [RFC] Adding new filesystem 'proxy' to 9p
From: M. Mohan Kumar
Subject: Re: [Qemu-devel] [RFC] Adding new filesystem 'proxy' to 9p
Date: Tue, 4 Oct 2011 16:38:22 +0530
User-agent: KMail/1.13.7 (Linux/2.6.40-4.fc15.x86_64; KDE/4.6.5; x86_64; ; )
>
> That is the case if the proxy helper code is perfectly written. I am trying
> to think about the scenario where there is a bug (eg heap corruption /
> stack overflow) which allows a malicious non-root QEMU process to exploit
> the proxy helper to run code that it was *not* intended to run.
>
> If the proxy helper is running root with all capabilities, then a bug in
> the proxy helper can easily turn into a full root exploit.
>
> If the proxy helper starts as root, chroots, and then immediately drops to
> a non-root user, keeping only the CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FOWNER
> and CAP_DAC_READ_SEARCH capabilities, then a bug in the proxy helper can
> only be used to access files within the designated 9pfs export. If the
> exported directory does not contain any important host system files, then
> it is unlikely it can be used to create a full root exploit.
>
Thanks Daniel, I will add 'capabilities' to the proxy helper. The CAP_FOWNER
capability is also needed.
I am working on the patches. I will post them in a few days.
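The confinement sequence discussed in this thread (start as root, chroot, drop to a non-root user, keep only four capabilities), written out as an added C example. It is not part of the original message or of QEMU's proxy helper; the function names `confine_helper` and `helper_cap_mask`, and the use of the raw `capset` system call instead of libcap, are assumptions made for illustration.

```c
/* Added example (not QEMU code): confine a root-started helper. */
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Bitmask of the four capabilities named in the thread (all are < 32). */
uint32_t helper_cap_mask(void)
{
    return (1u << CAP_CHOWN) | (1u << CAP_DAC_OVERRIDE) |
           (1u << CAP_DAC_READ_SEARCH) | (1u << CAP_FOWNER);
}

/* Hypothetical helper: returns 0 on success, -1 if any step fails.
 * Must be called as root; export_dir, uid and gid are caller-supplied. */
int confine_helper(const char *export_dir, uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2];

    /* 1. Restrict the filesystem view to the export; leave no cwd outside. */
    if (chroot(export_dir) != 0 || chdir("/") != 0)
        return -1;
    /* 2. Keep the permitted capability set across the UID change. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -1;
    /* 3. Drop supplementary groups, then GID, then UID (order matters). */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* 4. Shrink permitted and effective to the four capabilities;
     *    the inheritable set is left empty. */
    memset(&hdr, 0, sizeof(hdr));   /* pid 0 = calling thread */
    memset(data, 0, sizeof(data));
    hdr.version = _LINUX_CAPABILITY_VERSION_3;
    data[0].permitted = data[0].effective = helper_cap_mask();
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    /* 5. Regaining root must now fail; treat success as an error. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}
```

A caller should exit immediately if `confine_helper` returns -1, since a partial failure can leave the process chrooted but still running as root.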