"Daniel P. Berrange" writes:
> On Thu, Sep 29, 2011 at 11:42:47PM +0530, M. Mohan Kumar wrote:
>> On Wednesday, September 28, 2011 08:29:06 PM Daniel P. Berrange wrote:
[...]
>> > If we assume that QEMU gets exploited, and that QEMU can find some flaw
>> > in the proxy_helper that it can exploit,
>
> That is the case if the proxy helper code is perfectly written. I am trying
> to think about the scenario where there is a bug (eg heap corruption /
> stack overflow) which allows a malicious non-root QEMU process to exploit
> the proxy helper to run code that it was *not* intended to run.
>
On Thu, Sep 29, 2011 at 11:42:47PM +0530, M. Mohan Kumar wrote:
> On Wednesday, September 28, 2011 08:29:06 PM Daniel P. Berrange wrote:
> > On Wed, Sep 28, 2011 at 07:49:34PM +0530, M. Mohan Kumar wrote:
> > > Pass-through security model in QEMU 9p server needs root privilege to do
> > > few file
On Wednesday, September 28, 2011 08:29:06 PM Daniel P. Berrange wrote:
> On Wed, Sep 28, 2011 at 07:49:34PM +0530, M. Mohan Kumar wrote:
> > Pass-through security model in QEMU 9p server needs root privilege to do
> > few file operations (like chown, chmod to any mode/uid:gid). There are
> > two i
On Wed, Sep 28, 2011 at 07:49:34PM +0530, M. Mohan Kumar wrote:
> Pass-through security model in QEMU 9p server needs root privilege to do few
> file operations (like chown, chmod to any mode/uid:gid). There are two issues
> in pass-through security model
>
> 1) TOCTTOU vulnerability: Following s
The pass-through security model in the QEMU 9p server needs root privilege to do a
few file operations (like chown, or chmod to any mode/uid:gid). There are two issues
in the pass-through security model:
1) TOCTTOU vulnerability: Following symbolic links in the server could
provide access to files beyond 9p export
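The TOCTTOU point above is that a server which first checks a path and then opens it by name can be raced, and that following a symlink inside the export lets a guest reach files outside it. One way a 9p server can close that hole is to never resolve a client path as a string at all, but to walk it one component at a time with openat() on an already-open directory fd, O_NOFOLLOW on every step and ".." refused. The check and the use are then the same system call, so there is no window to race. The following is an added illustration written for this thread, not code from QEMU or from the proxy helper under discussion; it assumes Linux/POSIX openat() semantics, and the names open_under_export and demo_symlink_confinement are made up here. The demo builds a constructed layout in a temp directory: a regular file inside the export, a file outside it, and a symlink inside the export that points to the outside file.

```c
/* Added example (not QEMU code): confine 9p path lookups to an export root. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Resolve `rel` underneath the directory `rootfd`, one component per openat(),
 * and return an fd opened with `flags` (O_CREAT is not supported here).
 * Every component is opened with O_NOFOLLOW, so a symlink anywhere in the
 * path fails with ELOOP instead of being followed; "." and ".." are refused
 * outright, and a leading "/" is ignored so absolute paths stay inside root.
 * Returns -1 with errno set on failure. */
int open_under_export(int rootfd, const char *rel, int flags)
{
    char *copy = strdup(rel);
    if (!copy) return -1;
    int dirfd = dup(rootfd);          /* our own reference, closed as we descend */
    if (dirfd < 0) { free(copy); return -1; }

    char *save = NULL;
    char *comp = strtok_r(copy, "/", &save);
    while (comp) {
        char *next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0 || strcmp(comp, ".") == 0) {
            close(dirfd); free(copy); errno = EACCES; return -1;
        }
        /* Intermediate components must be real directories; the last gets the
         * caller's flags. O_NOFOLLOW applies to every step. */
        int oflags = next ? (O_RDONLY | O_DIRECTORY | O_NOFOLLOW)
                          : (flags | O_NOFOLLOW);
        int fd = openat(dirfd, comp, oflags);
        if (fd < 0) { int e = errno; close(dirfd); free(copy); errno = e; return -1; }
        close(dirfd);                 /* the parent is no longer needed */
        dirfd = fd;
        comp = next;
    }
    free(copy);
    return dirfd;                     /* empty path yields the export root itself */
}

/* Self-test on a constructed layout (cleaned up afterwards):
 *   <tmp>/outside.txt             file outside the export
 *   <tmp>/export/ok.txt           regular file inside the export
 *   <tmp>/export/escape -> ../outside.txt   symlink pointing out of the export
 * Returns 1 if ok.txt opens while "escape" and "../outside.txt" are rejected. */
int demo_symlink_confinement(void)
{
    char tmpl[] = "/tmp/p9exportXXXXXX";
    char *base = mkdtemp(tmpl);
    if (!base) return 0;
    char p[4096];
    snprintf(p, sizeof p, "%s/export", base);
    if (mkdir(p, 0700) < 0) return 0;
    snprintf(p, sizeof p, "%s/outside.txt", base);
    int f = open(p, O_WRONLY | O_CREAT, 0600); if (f < 0) return 0; close(f);
    snprintf(p, sizeof p, "%s/export/ok.txt", base);
    f = open(p, O_WRONLY | O_CREAT, 0600); if (f < 0) return 0; close(f);
    snprintf(p, sizeof p, "%s/export/escape", base);
    if (symlink("../outside.txt", p) < 0) return 0;

    snprintf(p, sizeof p, "%s/export", base);
    int rootfd = open(p, O_RDONLY | O_DIRECTORY);
    if (rootfd < 0) return 0;

    int ok = 1, fd;
    fd = open_under_export(rootfd, "ok.txt", O_RDONLY);      /* must succeed */
    if (fd < 0) ok = 0; else close(fd);
    fd = open_under_export(rootfd, "escape", O_RDONLY);      /* symlink: refused */
    if (fd >= 0) { ok = 0; close(fd); }
    fd = open_under_export(rootfd, "../outside.txt", O_RDONLY); /* "..": refused */
    if (fd >= 0) { ok = 0; close(fd); }
    close(rootfd);

    /* tidy up the constructed layout */
    snprintf(p, sizeof p, "%s/export/escape", base); unlink(p);
    snprintf(p, sizeof p, "%s/export/ok.txt", base); unlink(p);
    snprintf(p, sizeof p, "%s/export", base); rmdir(p);
    snprintf(p, sizeof p, "%s/outside.txt", base); unlink(p);
    rmdir(base);
    return ok;
}

int main(void)
{
    printf("confinement demo: %s\n", demo_symlink_confinement() ? "ok" : "FAILED");
    return 0;
}
```

The contrast worth noting is that a plain open("<export>/escape") would happily follow the link to outside.txt, and a stat()-then-open() sequence on the same name can be raced between the two calls; opening component by component from a directory fd removes both problems without any separate "is this path inside the export?" check.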