[Bug 691590] Re: libvirt should not take ownership of ISO images

Phillip Susi psusi at ubuntu.com
Tue Jun 9 01:32:00 UTC 2015


This really feels like a serious security bug.  The whole point of
running qemu as non-root is to prevent it from accessing files that you
haven't given it permission to.  By blindly chowning files to the qemu
user, you allow for the user who is given permission to run virtual
machines to start one with direct access to your /boot partition and
hack the host system.

Even if you do wish to bypass permissions and allow the vm access to
whatever file a vm admin has configured it to (under the assumption
that they are trusted as if root), you don't do that with the
sledgehammer of chowning the file; you open the file while still root, and
pass the open file descriptor to qemu.

Really, it should assume the identity of the user who is requesting that
the vm be started and open the file as them rather than root, thus
restricting access only to the files that user has access to, but that
may be considered a separate issue.

For now I will focus on at least getting rid of the bad behavior of
permanently chowning files.


** Changed in: libvirt (Ubuntu)
       Status: Won't Fix => Triaged

** Changed in: libvirt (Ubuntu)
     Assignee: (unassigned) => Phillip Susi (psusi)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/691590

Title:
  libvirt should not take ownership of ISO images

To manage notifications about this bug go to:
https://bugs.launchpad.net/libvirt/+bug/691590/+subscriptions
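
The approach described in the message above (open the file while still privileged and pass the open descriptor instead of chowning), as an added example that is not part of the original message or of libvirt's code. It assumes Linux, Python 3.9+, and uid/gid 65534 as the unprivileged account; `read_via_passed_fd` and `NOBODY` are hypothetical names.

```python
import os, socket, tempfile

NOBODY = 65534  # assumed unprivileged uid/gid standing in for the qemu user

def read_via_passed_fd(path):
    """Open `path` in the privileged parent and pass the descriptor to an
    unprivileged child. Returns (bytes the child read through the fd,
    whether the child could open the path itself, ownership/mode unchanged)."""
    before = os.stat(path)
    parent_sock, child_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    result_r, result_w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: stands in for the emulator process
        try:
            parent_sock.close()
            os.close(result_r)
            try:  # drop privileges; only possible when started as root
                os.setgroups([]); os.setgid(NOBODY); os.setuid(NOBODY)
            except OSError:
                pass
            _, fds, _, _ = socket.recv_fds(child_sock, 1, 1)
            data = os.pread(fds[0], 4096, 0)  # access comes from the fd alone
            try:
                os.close(os.open(path, os.O_RDONLY))
                by_path = b"A"  # allowed: child's own credentials suffice
            except OSError:
                by_path = b"D"  # denied: only the passed fd grants access
            os.write(result_w, by_path + data)
        finally:
            os._exit(0)
    child_sock.close()
    os.close(result_w)
    fd = os.open(path, os.O_RDONLY)  # opened with the parent's credentials
    socket.send_fds(parent_sock, [b"\0"], [fd])  # SCM_RIGHTS ancillary message
    os.close(fd)  # the descriptor in flight keeps the file open for the child
    out = b""
    while chunk := os.read(result_r, 4096):
        out += chunk
    os.waitpid(pid, 0)
    os.close(result_r); parent_sock.close()
    after = os.stat(path)
    unchanged = (before.st_uid, before.st_gid, before.st_mode) == \
                (after.st_uid, after.st_gid, after.st_mode)
    return out[1:], out[:1] == b"A", unchanged

if __name__ == "__main__":
    d = tempfile.mkdtemp()  # constructed sample "image", mode 0600
    p = os.path.join(d, "constructed.iso")
    with open(os.open(p, os.O_WRONLY | os.O_CREAT, 0o600), "wb") as f:
        f.write(b"constructed image bytes")
    print(read_via_passed_fd(p))
```

Run as root, the child reads the image through the descriptor while its own open of the path is denied, and the file's owner and mode are the same afterwards; run as an ordinary user, the privilege drop is skipped and only the hand-over itself is shown.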


