Re: [Qemu-devel] [PULL 04/05] seccomp: add setuid, setgid, chroot and se
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PULL 04/05] seccomp: add setuid, setgid, chroot and setgroups to whitelist
Date: Mon, 2 Nov 2015 08:51:26 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 30/10/2015 14:44, Eduardo Otubo wrote:
> From: Namsun Ch'o <address@hidden>
>
> The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which are
> needed for -runas to work. It also doesn't whitelist chroot, which is needed
> for the -chroot option. Unfortunately, QEMU enables seccomp before it drops
> privileges or chroots, so without these whitelisted, -runas and -chroot cause
> QEMU to be killed with -sandbox on. This patch adds those syscalls.
I think this patch should not be applied, because it completely defeats
the purpose of the sandbox. With these syscalls whitelisted, -runas and
-chroot have absolutely no effect against an attacker, even with
-sandbox on.
Paolo
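
The ordering issue raised in this thread, as an added example that is not QEMU code and not part of the original message: a process that changes identity first and installs its seccomp filter afterwards does not need the identity-changing syscalls to be permitted by the filter. The function names are hypothetical, `setuid(getuid())` stands in for a real privilege drop so no root is needed, and a short deny list is used for brevity where QEMU's sandbox is a whitelist.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Fail one syscall with EPERM: on a match fall through to the RET, else skip it. */
#define DENY(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)

/* Filter refusing the four syscalls named in the patch. Illustrative deny list:
 * a production filter is an allow list and also checks seccomp_data.arch. */
static int install_filter(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY(__NR_setuid), DENY(__NR_setgid), DENY(__NR_setgroups), DENY(__NR_chroot),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Runs in a forked child so the caller stays unfiltered. Returns 0 when the
 * identity call works before the filter is loaded and is refused afterwards. */
int drop_then_filter(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* 1. identity change while still unfiltered (the -runas step) */
        if (syscall(__NR_setuid, getuid()) != 0) _exit(10);
        /* 2. only now load the filter, with no identity syscalls permitted */
        if (install_filter() != 0) _exit(11);
        /* 3. the same call from inside the sandbox must now fail with EPERM */
        errno = 0;
        if (syscall(__NR_setuid, getuid()) != -1 || errno != EPERM) _exit(12);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { int r = drop_then_filter(); printf("result=%d\n", r); return r; }
```

A non-zero result identifies the step that behaved unexpectedly: 10 for the unfiltered call, 11 for filter installation, 12 for the filtered call.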