Date: Mon, 14 Dec 2015 12:14:39 +0100 From: "Jason A. Donenfeld" <Jason@...c4.com> To: oss-security <oss-security@...ts.openwall.com> Cc: Gentoo Security <security@...too.org> Subject: CVE Request: Local Privilege Escalation in QEMU virtfs-proxy-helper Hi folks, Some distros make qemu's virtfs-proxy-helper binary either SUID or give it filesystem capabilities such as cap_chown. This is completely insane for a wide variety of reasons; there are quite a few ways of abusing this to elevate privileges. This commit fixes the issue in Gentoo: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=183dd7394703b49c7af441a9c4227b4b91453510 The commit message contains a TOCTOU PoC. Can we get a CVE for this blunder? Other distributions - you might want to double check that you're not making a similar mistake. I have no idea if QEMU upstream recommends suid/fscaps in some documentation, or something similar, in which case that'll need to be changed. Thanks, Jason
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ