Re: [Qemu-devel] [PATCH] introduce environment variables for all qemu-us

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] introduce environment variables for all qemu-us

From:	Yann Dirson
Subject:	Re: [Qemu-devel] [PATCH] introduce environment variables for all qemu-user options
Date:	Sat, 20 Aug 2011 19:29:47 +0200
User-agent:	Mutt/1.5.21 (2010-09-15)

This patch will be useful, but there is a security problem in its
current form.  The qemu-user-static package installs binfmt-misc
entries with "flags: OC", which makes the binary honor setuid bits.

Regardless of whether it is a good idea or not, the envvars ought to
be ignored in such a case.  Some clever checks using getresuid(), or
just geteuid() and getuid() when getresuid() is not available, surely
have to done.  There is probably some existing code for this in other
programs...

Best regards,
-- 
Yann

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH] introduce environment variables for all qemu-user options, Peter Maydell, 2011/08/05
- [Qemu-devel] [PATCH] introduce environment variables for all qemu-user options, Johannes Schauer, 2011/08/06
  - Re: [Qemu-devel] [PATCH] introduce environment variables for all qemu-user options, Yann Dirson <=

Prev by Date: [Qemu-devel] [Bug 826363] Re: qemu-img convert does not work with vdi files
Next by Date: [Qemu-devel] [Bug 816370] Re: compile error in QEMU 0.15.0-rc0 and 0.15.0-rc1
Previous by thread: [Qemu-devel] [PATCH] introduce environment variables for all qemu-user options
Next by thread: [Qemu-devel] Organic SEO Services
Index(es):
- Date
- Thread