[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PULL 04/05] seccomp: add setuid, setgid, chroot and se
From: |
Eduardo Otubo |
Subject: |
Re: [Qemu-devel] [PULL 04/05] seccomp: add setuid, setgid, chroot and setgroups to whitelist |
Date: |
Wed, 11 Nov 2015 09:25:54 +0100 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Mon, Nov 02, 2015 at 08=51=26AM +0100, Paolo Bonzini wrote:
>
>
> On 30/10/2015 14:44, Eduardo Otubo wrote:
> > From: Namsun Ch'o <address@hidden>
> >
> > The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which
> > are
> > needed for -runas to work. It also doesn't whitelist chroot, which is needed
> > for the -chroot option. Unfortunately, QEMU enables seccomp before it drops
> > privileges or chroots, so without these whitelisted, -runas and -chroot
> > cause
> > QEMU to be killed with -sandbox on. This patch adds those syscalls.
>
> I think this patch should not be applied, because it completely defeats
> the purpose of the sandbox. With these syscalls whitelisted, -runas and
> -chroot have absolutely no effect against an attacker, even with
> -sandbox on.
>
Also, Namsun's emails are bouncing back. Don't know if it's worth to
merge them with no valid author's contact.
--
Eduardo Otubo
ProfitBricks GmbH
signature.asc
Description: Digital signature