543400 – app-emulation/qemu-2.2.1: qemu-bridge-helper should be setuid root

Bug 543400 - app-emulation/qemu-2.2.1: qemu-bridge-helper should be setuid root

Summary: app-emulation/qemu-2.2.1: qemu-bridge-helper should be setuid root

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Linux bug wranglers

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-03-15 10:47 UTC by Alexander E. Patrakov
Modified:	2015-03-15 10:48 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander E. Patrakov 2015-03-15 10:47:01 UTC

/usr/libexec/qemu-bridge-helper is intended (as documented in http://wiki.qemu.org/Features-Done/HelperNetworking ) to be installed setuid. It allows non-privileged qemu instances to connect to an existing bridge. It is currently missing its setuid bit:

$ ls -la /usr/libexec/qemu-bridge-helper
-rwx--x--x 1 root root 14120 Mar 15 14:50 /usr/libexec/qemu-bridge-helper


Reproducible: Always

Comment 1 Alexander E. Patrakov 2015-03-15 10:48:48 UTC

Invalid: the intended functionality is provided via filesystem capabilities. Sorry for the noise!

$ getcap /usr/libexec/qemu-bridge-helper
/usr/libexec/qemu-bridge-helper = cap_net_admin+ep