Date: Wed, 16 Jul 2014 12:06:27 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: oss-security@...ts.openwall.com
Subject: qemu-bridge-helper minimizing patch

Hi,

For the qemu-bridge-helper which is part of qemu and meant
to run as suid root, I removed a lot of dependencies with
this patch:

http://bugzillafiles.novell.org/attachment.cgi?id=598793

It was linked against the whole set of qemu libs before,
so there was a very good chance to exploit the suid via one of the
more than 50 libs' init code.
It also fixes a minor theoretical issue, to be on the safe side:
dropping uid to user once work has been done but before sending
the fd across a UNIX socket.

I don't think that there is a CVE required for any of this (unless
someone manages to make an exploit for one of the dependency-libs
that were loaded before).

If someone from RH could bring this upstream, it would be very
helpful. Last time I tried committing a fix for ivshmem I just
got reverse-blaming.

Sebastian


-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team
