Date: Wed, 16 Jul 2014 12:06:27 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: oss-security@...ts.openwall.com
Subject: qemu-bridge-helper minimizing patch

Hi,

For the qemu-bridge-helper, which is part of qemu and meant to run as suid root, I removed a lot of dependencies with this patch:

http://bugzillafiles.novell.org/attachment.cgi?id=598793

It was linked against the whole set of qemu libs before, so very good chance to exploit the suid via one of the more than 50 libs' init code.

It also fixes a minor theoretical issue to be on the safe side: dropping uid to user once work has been done but before sending the fd across a UNIX socket.

I don't think that there is a CVE required for any of this (unless someone manages to make an exploit for one of the dependency-libs that were loaded before).

If someone from RH could bring this upstream, it would be very helpful. Last time I tried committing a fix for ivshmem I just got reverse-blaming.

Sebastian

-- 
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team
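The ordering the mail describes (finish the privileged work, drop root, and only then pass the descriptor to the unprivileged parent over a UNIX socket) is shown below as an added example. It is not Krahmer's patch and not qemu-bridge-helper code: the function names `drop_privileges`, `send_fd`, `recv_fd`, `helper_handoff` and `demo_handoff` are assumptions, and a descriptor on `/dev/null` stands in for the tap device descriptor the real helper would hand over.

```c
#define _GNU_SOURCE
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Permanently give up root and become the invoking (real) user.
 * Order matters: supplementary groups first (only root may clear them),
 * then gid, then uid, because after the uid drop the gid could no longer
 * be changed. Returns 0 on success, -1 on any failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setresgid(rgid, rgid, rgid) != 0)
        return -1;
    if (setresuid(ruid, ruid, ruid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must now fail. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

/* Pass one descriptor over a UNIX socket with SCM_RIGHTS. Linux requires at
 * least one byte of payload for ancillary data to be delivered. */
int send_fd(int sock, int fd)
{
    struct msghdr msg;
    struct iovec iov;
    char byte = 'F';
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;

    memset(&msg, 0, sizeof(msg));
    memset(&u, 0, sizeof(u));
    iov.iov_base = &byte;
    iov.iov_len = 1;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof(u.buf);

    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));

    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor sent with send_fd(); returns the new fd or -1.
 * A truncated control message means the descriptor was lost, so treat
 * MSG_CTRUNC as an error rather than silently returning nothing. */
int recv_fd(int sock)
{
    struct msghdr msg;
    struct iovec iov;
    char byte;
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;

    memset(&msg, 0, sizeof(msg));
    memset(&u, 0, sizeof(u));
    iov.iov_base = &byte;
    iov.iov_len = 1;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof(u.buf);

    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS &&
            c->cmsg_len == CMSG_LEN(sizeof(int))) {
            int fd;
            memcpy(&fd, CMSG_DATA(c), sizeof(int));
            return fd;
        }
    }
    return -1;
}

/* The helper's final step: privileged work is already done (privileged_fd
 * exists), so drop root BEFORE talking to the unprivileged peer. */
int helper_handoff(int sock, int privileged_fd)
{
    if (drop_privileges() != 0)
        return -1;
    return send_fd(sock, privileged_fd);
}

/* Self-contained demonstration: /dev/null stands in for the tap fd. Returns 0
 * when the received descriptor refers to the same open file as the original. */
int demo_handoff(void)
{
    int sv[2], rc = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int priv_fd = open("/dev/null", O_RDWR);
    if (priv_fd >= 0 && helper_handoff(sv[0], priv_fd) == 0) {
        int got = recv_fd(sv[1]);
        if (got >= 0) {
            struct stat a, b;
            if (fstat(priv_fd, &a) == 0 && fstat(got, &b) == 0 &&
                a.st_dev == b.st_dev && a.st_ino == b.st_ino)
                rc = 0;
            close(got);
        }
    }
    if (priv_fd >= 0) close(priv_fd);
    close(sv[0]);
    close(sv[1]);
    return rc;
}
```

Run as an unprivileged user the uid/gid calls are no-ops that succeed, so the demo still exercises the descriptor passing; run setuid root, `drop_privileges` is where the helper stops being root, and everything after it, including the `sendmsg` to a peer the user controls, executes with the user's own credentials.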