On 10/24/2011 03:21 PM, Anthony Liguori wrote:
On 10/24/2011 02:13 PM, Corey Bryant wrote:
Right, it's not desirable, but isn't that the best we can do without
libcap or FS capabilities?
I think the best we can do is not let it run in those cases. :) I'd
like to see if others in the community have an opinion on this though.
IMHO, it should work as a setuid binary maintaining root privileges. As
long as it's a small binary (which it is) and is easy to audit, it
should be safe.
Regards,
Anthony Liguori
Alright, I'll concede on this. I'll run a static analyzer on the code and let it
run as root if libcap-ng is not configured.
It would be nice to also cut an audit record, but I'm not seeing a precedent
for doing that in QEMU. Any thoughts?