On 11/11/2016 10:48 AM, Guido Günther wrote:
As far as I understand your report you're disabling the feature you
want: having libvirt fixup permissions. If you disable it you have (or
virt-manager) to do that.

There might be a bug in virt-manager where it should take more care of
adjusting permissions but it's hard to figure that out from your
report. You don't give virt-manager-versions, file permissions, etc or
what you did to get it to work.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701649

This behavior is so vile that it's been the cause of CVEs, just as people predicted it would be (see the Ubuntu bug report in my previous response).

This still looks like a security issue to me. I can easily change the permission of any root:root owned file to libvirt-qemu:libvirt-qemu on the filesystem, as previously documented here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701649#43

Once I can do that, I can write/wipe the file, as I just did to one of my older kernels under /boot:

[/boot]
shara@panic-->ls /boot/vmlinuz-4.*
-rw-r--r-- 1 libvirt-qemu libvirt-qemu 5 Nov 11 18:21 /boot/vmlinuz-4.4.0-1-amd64
-rw-r--r-- 1 root root 3.7M Apr 14 2016 /boot/vmlinuz-4.5.0-1-amd64
-rw-r--r-- 1 root root 3.7M Jul 18 12:57 /boot/vmlinuz-4.6.0-1-amd64



In practicality, this probably isn't very serious.... but damn if it ain't stupid.
