Summary: | app-emulation/libvirt allows access to arbitrary files | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Maier <tamiko> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Matthias Maier
2011-08-13 21:22:37 UTC
You can't prevent against bad configuration. This is the same thing as someone setting DocumentRoot / in Apache. Don't specify "disks" in your configs that aren't disks. The vulnerability would require the root user to define a disk like that and to run it from the system libvirt (again root user). If someone was using a session libvirt (running as an unprivileged user), they would not be able to even start the virtual machine to access /etc/shadow so there is only a concern here when root does something stupid by giving access to files that shouldn't have access. Given the explanation of the maintainer we do not consider this to be a security issue. Thanks. |