Your message dated Tue, 14 Oct 2014 18:07:24 +0000
with message-id <e1xe6vi-0000xl...@franck.debian.org>
and subject line Bug#765016: fixed in virt-viewer 1.0-1
has caused the Debian Bug report #765016,
regarding SECURITY - automatically redirects USB devices to guests
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
765016: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765016
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: virt-manager
Version: 1:1.0.1-2.1
Severity: critical
Tags: security
Justification: root security hole


Hi.

Not sure whether the problem here is actually in virt-manager, libvirt
or spice-client-glib-usb-acl-helper.
So please redirect as necessary.


I've just noted a very serious behaviour (which is also why I marked
it as critical and root security hole):

It seems that when plugging a USB device into my computer where
I run virtmanager and where I'm connected to some VMs via SPICE,
such USB devices are forwarded to that VM. o.O

I wonder how it chooses to which the device is redirected if there
are more VMs connected.


Now SPICE seems to be the default for newly created VMs via libvirt
and the SPICE USB Redirector devices are created per default as well.
Also this isn't like the "USB Host Device" hardware in
virtmanager/libvirt/qemu, where one at least has to select *which*
USB device is connected.


Now since VMs are often used by people as kind of jails, e.g. running
untrustworthy OSes or programs in it, or since the VM may be just on
any remote server (from work or wherever), redirecting USB devices
without asking is IMHO a great security hole.
The USB device could contain just anything, my most recent hard disk
backup (and thus root passwords, dmcrypt keys etc). or my private
picture collection.


The 2nd critical security aspect of this:
A normal user(!) is apparently allowed to redirect a hardware device.
Not sure whether this is the typical policykit problem that locally
logged in users are handled as if they were root... but hell, one
cannot simply give normal users full access to USB devices if root
hasn't manually allowed them.


Cheers,
Chris



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.utf8, LC_CTYPE=en_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages virt-manager depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.22.0-1
ii  gconf2                                       3.2.6-3
ii  gir1.2-gtk-3.0                               3.14.1-1
ii  gir1.2-gtk-vnc-2.0                           0.5.3-1.2
ii  gir1.2-libvirt-glib-1.0                      0.1.7-2.1
ii  gir1.2-spice-client-gtk-3.0                  0.25-1
ii  gir1.2-vte-2.90                              1:0.36.3-1
ii  librsvg2-common                              2.40.4-1
ii  python-dbus                                  1.2.0-2+b3
ii  python-gi                                    3.14.0-1
ii  python-gi-cairo                              3.14.0-1
ii  python-ipaddr                                2.1.11-2
ii  python-libvirt                               1.2.8-1
ii  python-urlgrabber                            3.9.1-4
pn  python2.7:any                                <none>
pn  python:any                                   <none>
ii  virtinst                                     1:1.0.1-2.1

Versions of packages virt-manager recommends:
ii  gnome-icon-theme         3.12.0-1
ii  libvirt-daemon           1.2.9-2
ii  python-spice-client-gtk  0.25-1

Versions of packages virt-manager suggests:
ii  gnome-keyring        3.14.0-1
ii  python-gnomekeyring  2.32.0+dfsg-3
pn  python-guestfs       <none>
pn  ssh-askpass          <none>
pn  virt-viewer          <none>

-- no debconf information

--- End Message ---
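The configuration the report describes (SPICE graphics plus spicevmc USB redirection channels created by default, with nothing restricting which devices may be forwarded) is visible in the libvirt domain XML and can be audited there. The script below is an added example, not code from the bug report, virt-manager, libvirt or spice-gtk: it summarises a domain's redirection surface, evaluates a `<redirfilter>` by first-match rule (treating a device that matches no rule as denied, which is stated in the code as an assumption about usbredir filter semantics), and produces the hardened form, a deny-all `<redirfilter>` on the guest side. The two domain definitions and the device descriptors in it are constructed samples; run it against `virsh dumpxml <domain>` output to check real guests. Note that the virt-viewer fix recorded below changes only the client's auto-redirect default; a guest-side filter (or dropping the `<redirdev>` elements) is independent of which client connects.

```python
"""Audit libvirt domain XML for SPICE USB redirection exposure.

Added example; not code from the bug report, virt-manager or libvirt.
It reads the libvirt domain XML elements <graphics type='spice'>,
<redirdev bus='usb' type='spicevmc'> and <redirfilter>/<usbdev>, using
only the standard library. The two domain definitions are constructed
samples; feed it `virsh dumpxml <domain>` output to audit real guests.
"""
import xml.etree.ElementTree as ET

# Constructed sample matching the report: SPICE graphics plus two spicevmc
# redirection channels and no <redirfilter>, so any host USB device that the
# client decides to forward reaches the guest.
DEFAULT_DOMAIN_XML = """<domain type='kvm'>
  <name>jail</name>
  <devices>
    <graphics type='spice' autoport='yes'/>
    <controller type='usb' index='0' model='ich9-ehci1'/>
    <redirdev bus='usb' type='spicevmc'/>
    <redirdev bus='usb' type='spicevmc'/>
  </devices>
</domain>
"""

# Constructed sample of a restricted definition: the channel stays, but the
# <redirfilter> allows one specific HID device (class 0x03; vendor/product
# chosen for the example) and its final rule denies everything else.
FILTERED_DOMAIN_XML = """<domain type='kvm'>
  <name>jail</name>
  <devices>
    <graphics type='spice' autoport='yes'/>
    <controller type='usb' index='0' model='ich9-ehci1'/>
    <redirdev bus='usb' type='spicevmc'/>
    <redirfilter>
      <usbdev class='0x03' vendor='0x046d' product='0xc52b' version='-1' allow='yes'/>
      <usbdev allow='no'/>
    </redirfilter>
  </devices>
</domain>
"""


def audit(domain_xml):
    """Summarise a domain's USB redirection surface.

    'exposed' is True when the guest has SPICE graphics and at least one USB
    redirection channel but no <redirfilter>: the libvirt side then accepts
    whatever the SPICE client forwards.
    """
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    spice = any(g.get("type") == "spice" for g in devices.findall("graphics"))
    channels = [r for r in devices.findall("redirdev") if r.get("bus") == "usb"]
    has_filter = devices.find("redirfilter") is not None
    return {
        "name": root.findtext("name"),
        "spice": spice,
        "usb_redir_channels": len(channels),
        "has_redirfilter": has_filter,
        "exposed": spice and bool(channels) and not has_filter,
    }


def _rule_matches(rule, device):
    """A <usbdev> attribute matches when it is absent, '-1', or equal to the
    device's value; class/vendor/product are hex strings, version decimal."""
    for attr, value in device.items():
        wanted = rule.get(attr, "-1")
        if wanted == "-1":
            continue
        if attr == "version":
            if float(wanted) != float(value):
                return False
        elif int(wanted, 16) != int(value, 16):
            return False
    return True


def device_allowed(domain_xml, device):
    """Would `device` (dict: class, vendor, product as hex strings, version
    as e.g. '2.00') be accepted by this guest's redirection config?

    No USB <redirdev>: nothing to redirect to. No <redirfilter>: everything
    passes. Otherwise the first matching <usbdev> rule decides, and a device
    matching no rule is treated as denied (assumption: this mirrors the
    first-match semantics of usbredir filters; verify against your QEMU).
    """
    devices = ET.fromstring(domain_xml).find("devices")
    if not any(r.get("bus") == "usb" for r in devices.findall("redirdev")):
        return False
    redirfilter = devices.find("redirfilter")
    if redirfilter is None:
        return True
    for rule in redirfilter.findall("usbdev"):
        if _rule_matches(rule, device):
            return rule.get("allow") == "yes"
    return False


def harden(domain_xml):
    """Return the domain XML with a deny-all <redirfilter> added when USB
    redirection channels exist without one. Removing the <redirdev>
    elements instead is the stricter option if redirection is never wanted.
    """
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    has_channel = any(r.get("bus") == "usb" for r in devices.findall("redirdev"))
    if has_channel and devices.find("redirfilter") is None:
        redirfilter = ET.SubElement(devices, "redirfilter")
        ET.SubElement(redirfilter, "usbdev", allow="no")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed device descriptors: a USB mass-storage stick (class 0x08)
    # and the mouse that the filtered sample allows.
    stick = {"class": "0x08", "vendor": "0x0781", "product": "0x5567", "version": "2.00"}
    mouse = {"class": "0x03", "vendor": "0x046d", "product": "0xc52b", "version": "2.00"}
    for xml_text in (DEFAULT_DOMAIN_XML, FILTERED_DOMAIN_XML, harden(DEFAULT_DOMAIN_XML)):
        print(audit(xml_text), "stick:", device_allowed(xml_text, stick),
              "mouse:", device_allowed(xml_text, mouse))
```

Applied to a real fleet, `audit()` over every `virsh dumpxml` output gives the list of guests for which an unrestricted client could forward any plugged-in device; `device_allowed()` answers the report's question about a concrete device (a backup disk is class 0x08, mass storage) against a given filter.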
--- Begin Message ---
Source: virt-viewer
Source-Version: 1.0-1

We believe that the bug you reported is fixed in the latest version of
virt-viewer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 765...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <a...@sigxcpu.org> (supplier of updated virt-viewer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 14 Oct 2014 19:17:14 +0200
Source: virt-viewer
Binary: virt-viewer
Architecture: source amd64
Version: 1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintain...@lists.alioth.debian.org>
Changed-By: Guido Günther <a...@sigxcpu.org>
Description:
 virt-viewer - Displaying the graphical console of a virtual machine
Closes: 765016
Changes:
 virt-viewer (1.0-1) unstable; urgency=medium
 .
   * [4b49b82] Fix uscan url and verify tarball signatures
   * [de8f760] New upstream version 1.0
   * [3195708] Disable automatic usb redirection by default (Closes: #765016)
Checksums-Sha1:
 d19489e4ce129bbaec098e6222615b242d991a35 2144 virt-viewer_1.0-1.dsc
 9b3463ef8cf21d648dcc4fb012d093ba3f2c537b 731635 virt-viewer_1.0.orig.tar.gz
 b5f18996f905f497ff45a39d1be5e2a62f771698 15812 virt-viewer_1.0-1.debian.tar.xz
 4371875715354325076c57945c2d523b9a29399c 253016 virt-viewer_1.0-1_amd64.deb
Checksums-Sha256:
 c44c6a79c9147182ece104b104e5c42ca48aecad8c2392c0c60f2bee56f23500 2144 virt-viewer_1.0-1.dsc
 80df4bcde4baccdf248f5004497200e5b5aff2a778cac0c8d6de0bbe7f0f4e27 731635 virt-viewer_1.0.orig.tar.gz
 c4787d32565dbe5b10f3d5173bb6158e43d7c47d5519c42e4c31f33c410a13e1 15812 virt-viewer_1.0-1.debian.tar.xz
 736cff6037d0b6394a5e82835912dbc25505c6d46df8cecade562ce83edd392a 253016 virt-viewer_1.0-1_amd64.deb
Files:
 92bf268d5771075a7fb63cef43987bae 2144 admin extra virt-viewer_1.0-1.dsc
 f8c56c0e060f332efdbbc9ba0cd8c250 731635 admin extra virt-viewer_1.0.orig.tar.gz
 b563c818c71de8d9bf8d5705553ee579 15812 admin extra virt-viewer_1.0-1.debian.tar.xz
 a8b4eefbd8f98bd12119a0df655749cf 253016 admin extra virt-viewer_1.0-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
