Date: Mon, 14 Dec 2015 12:14:39 +0100 From: "Jason A. Donenfeld" <Jason@...c4.com> To: oss-security <oss-security@...ts.openwall.com> Cc: Gentoo Security <security@...too.org> Subject: CVE Request: Local Privilege Escalation in QEMU virtfs-proxy-helper Hi folks, Some distros make qemu's virtfs-proxy-helper binary either SUID or give it filesystem capabilities such as cap_chown. This is completely insane for a wide variety of reasons; there are quite a few ways of abusing this to elevate privileges. This commit fixes the issue in Gentoo: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=183dd7394703b49c7af441a9c4227b4b91453510 The commit message contains a TOCTOU PoC. Can we get a CVE for this blunder? Other distributions - you might want to double check that you're not making a similar mistake. I have no idea if QEMU upstream recommends suid/fscaps in some documentation, or something similar, in which case that'll need to be changed. Thanks, Jason
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.