[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] linux-user: allow to use sudo in guest
From: |
Laurent Vivier |
Subject: |
Re: [Qemu-devel] [PATCH] linux-user: allow to use sudo in guest |
Date: |
Wed, 02 Jan 2013 20:37:38 +0100 |
Le mercredi 02 janvier 2013 à 01:16 +0000, Peter Maydell a écrit :
> On 20 December 2012 20:56, Laurent Vivier <address@hidden> wrote:
> > When qemu-linux-user is used in a linux container or chroot,
> > if it needs to load binaries with SUID/SGID bits, it needs to
> > have root rights to be able to change UID/GID. To do that, we
> > need to install it with SUID bits and root owner.
>
> I suspect a suid qemu binary is a big fat security hole...
This is why this feature is disabled by default and must be enabled with
configure. Moreover this is only for qemu-linux-user and the first thing
done in main() is to set euid/egid to real uid/gid.
> > Then, if the SUID bit is not set on the binary to load,
> > qemu will set its UID to the saved UID (the current user ID).
> >
> > To be able to retrieve unsecure environment variables (LD_PRELOAD,
> > LD_LIBRARY_PATH) with SUID bit, we need to disable "unsetenv()".
> > Otherwise libc unsets these variables before entering in main()
>
> This is basically deliberately disabling a glibc security check.
Yes, but this security check is mainly to avoid to load unsecure
library. To avoid this too, we force the "--static" mode. This is not
perfect but bring to qemu-linux-user an interesting feature.
> Needs careful thought and review (which I don't have time for
> just now I'm afraid) before this can be committed.
>
> -- PMM
--
"Just play. Have fun. Enjoy the game."
- Michael Jordan