path: root/daemon
author: Richard W.M. Jones <rjones@redhat.com> 2011-12-22 17:56:47 +0000
committer: Richard W.M. Jones <rjones@redhat.com> 2011-12-22 18:12:48 +0000
commit: 9a5f784d511a8f00a8386f316eab41fe660430db
tree: dd9fac35fa9707dc7729ccd5e69940166407a131 /daemon
parent: ad5b5f96da53a6f51424e22e26f2d8a325eec681
download: libguestfs-9a5f784d511a8f00a8386f316eab41fe660430db.tar.gz, libguestfs-9a5f784d511a8f00a8386f316eab41fe660430db.tar.xz, libguestfs-9a5f784d511a8f00a8386f316eab41fe660430db.zip
Security: Mitigate possible privilege escalation via SG_IO ioctl (CVE-2011-4127, RHBZ#757071)
CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini.

http://seclists.org/oss-sec/2011/q4/536

An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from the underlying host device to be read and written. Significantly, neither qemu nor the host kernel checks that the range of sectors is within the partition / LV assigned to the guest. For example, if the guest is assigned host partition /dev/sda3, it would be able to read or write any part of /dev/sda including other partitions and the boot sector.

Exploits through LVs passed to the guest are also possible, with some limitations. File-backed virtual block devices are not vulnerable. Non-virtio block devices are not vulnerable.

This patch mitigates the problem by disabling the SG_IO ioctl passthrough in qemu. Thus if libguestfs is examining an untrusted guest and the libguestfs appliance/daemon is compromised (e.g. by executing guest commands, or through some other compromise), then the compromised appliance will not be able to issue the above SG_IO ioctls and exploit the host.

Note that this is just mitigation for libguestfs. Users will still want to fully update their host kernel, qemu/KVM and libvirt, in order to prevent other (non-libguestfs) routes to compromise.

The following versions of libguestfs (will/have) this patch applied:

libguestfs >= 1.15.13
libguestfs >= 1.14.8
libguestfs >= 1.12.11
libguestfs >= 1.10.12
libguestfs >= 1.8.16

Earlier versions may be vulnerable unless a downstream packager has applied this patch.

Cc: Hilko Bengen <bengen@hilluzination.de>
Diffstat (limited to 'daemon')
0 files changed, 0 insertions, 0 deletions
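The commit message above describes the mitigation as disabling SG_IO ioctl passthrough in qemu. A practical way to confirm, from inside a guest or the libguestfs appliance, that a virtio block device no longer passes SG_IO through is to send a harmless, read-only SCSI INQUIRY via the ioctl and see whether the guest kernel rejects it. The program below is an added example, not code from the libguestfs commit or project. It assumes a Linux guest, a default device path of /dev/vda, and that a refused passthrough surfaces as ENOTTY or EINVAL from the ioctl; the verdict names and helper functions are this example's own.

```c
/* Added example (not from the libguestfs commit): probe from inside a guest
 * whether a virtio block device accepts SG_IO passthrough.  Sends a SCSI
 * INQUIRY, which only reads identification data and never touches sectors. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <scsi/sg.h>

enum sgio_verdict {
    SGIO_PASSTHROUGH,  /* ioctl accepted: the command reached the SG_IO path */
    SGIO_BLOCKED,      /* kernel refused the ioctl (ENOTTY/EINVAL, assumed) */
    SGIO_OPEN_FAILED,  /* could not open the device node */
    SGIO_OTHER_ERROR   /* some other errno; inspect by hand */
};

/* Fill a 6-byte SCSI INQUIRY CDB: opcode 0x12, EVPD off, allocation length
 * big-endian in bytes 3..4.  Returns the CDB length, or 0 if cap is too small
 * or the allocation length does not fit in 16 bits. */
size_t build_inquiry_cdb(unsigned char *cdb, size_t cap, unsigned alloc_len)
{
    if (cap < 6 || alloc_len > 0xffff)
        return 0;
    memset(cdb, 0, 6);
    cdb[0] = 0x12;
    cdb[3] = (unsigned char)(alloc_len >> 8);
    cdb[4] = (unsigned char)(alloc_len & 0xff);
    return 6;
}

/* Map the ioctl return value and errno to a verdict.  rc == 0 means the
 * kernel accepted the SG_IO request and delivered the command, whatever the
 * device answered; that is the passthrough the mitigation is meant to stop. */
enum sgio_verdict classify(int rc, int err)
{
    if (rc == 0)
        return SGIO_PASSTHROUGH;
    if (err == ENOTTY || err == EINVAL)   /* assumed "not supported" signals */
        return SGIO_BLOCKED;
    return SGIO_OTHER_ERROR;
}

/* Open the device read-only and issue one INQUIRY through SG_IO. */
enum sgio_verdict probe_sg_io(const char *dev)
{
    unsigned char cdb[6], resp[96], sense[32];
    struct sg_io_hdr hdr;
    int fd, rc, err;

    fd = open(dev, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return SGIO_OPEN_FAILED;

    build_inquiry_cdb(cdb, sizeof cdb, sizeof resp);
    memset(&hdr, 0, sizeof hdr);
    hdr.interface_id    = 'S';
    hdr.dxfer_direction = SG_DXFER_FROM_DEV;
    hdr.cmd_len         = sizeof cdb;
    hdr.cmdp            = cdb;
    hdr.dxfer_len       = sizeof resp;
    hdr.dxferp          = resp;
    hdr.mx_sb_len       = sizeof sense;
    hdr.sbp             = sense;
    hdr.timeout         = 5000;   /* milliseconds */

    rc = ioctl(fd, SG_IO, &hdr);
    err = errno;
    close(fd);
    return classify(rc, err);
}

static const char *verdict_name(enum sgio_verdict v)
{
    switch (v) {
    case SGIO_PASSTHROUGH: return "SG_IO passthrough ACCEPTED (not mitigated)";
    case SGIO_BLOCKED:     return "SG_IO blocked (mitigation in effect)";
    case SGIO_OPEN_FAILED: return "could not open device";
    default:               return "unexpected error from SG_IO";
    }
}

int main(int argc, char **argv)
{
    const char *dev = argc > 1 ? argv[1] : "/dev/vda";  /* assumed device path */
    enum sgio_verdict v = probe_sg_io(dev);
    printf("%s: %s\n", dev, verdict_name(v));
    return v == SGIO_BLOCKED ? 0 : 1;
}
```

Run it as root inside the appliance against each virtio disk; on a stack carrying this mitigation the expected result is "blocked". As the commit message says, this only covers the libguestfs route: a blocked ioctl in the appliance says nothing about whether the host kernel, qemu/KVM and libvirt have been updated, so the check complements those updates rather than replacing them.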