Comment 13 for bug 807893

Stefan Hajnoczi (stefanha) wrote : Re: [Bug 807893] Re: qemu privilege escalation

On Wed, Jul 13, 2011 at 11:12 AM, Andrew Griffiths
<email address hidden> wrote:
> Once you have code execution in the process, you can modify the other
> threads' execution (if required) to execute your own code. With full
> capabilities, it would be trivial to escape from a chroot on a normal
> Linux kernel (grsecurity with appropriate kernel chroot restrictions
> enabled would reduce the avenues available for escaping).
>
> I seem to recall other distros handle thread privileges differently.

Hi Andrew,
I think what Chris meant is that libvirt does not use -runas at all.
It drops privileges (including initgroups(3)) itself *before* invoking
QEMU. So I think his statement is simply that libvirt (commonly used
in KVM deployments) is not affected.

Stefan
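The launcher-side privilege drop Stefan describes (the parent process dropping uid, gid and supplementary groups itself, then exec()ing the guest process), as an added example. This is not QEMU's or libvirt's code; the function and struct names (drop_privileges, creds_are_dropped, get_current_creds) and the MAX_GROUPS limit are this example's own choices. It uses getgrouplist(3) plus setgroups(2) in place of initgroups(3) so that the group list it installed can be checked afterwards, and it refuses to "drop" to uid or gid 0.

```c
/* Added example, not QEMU or libvirt code: drop privileges in the parent
 * before exec(), then verify the drop actually took.
 * Build: cc -D_GNU_SOURCE drop_privs.c -o drop_privs
 * Usage: sudo ./drop_privs nobody id
 */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Prototypes repeated so the non-POSIX calls are declared even if
 * _GNU_SOURCE was not in effect when the headers were first read. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
int setgroups(size_t size, const gid_t *list);
int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups);

#define MAX_GROUPS 64   /* example's own cap on the supplementary list */

struct creds {
    uid_t ruid, euid, suid;
    gid_t rgid, egid, sgid;
    gid_t groups[MAX_GROUPS];
    int ngroups;
};

/* Snapshot real/effective/saved ids and the supplementary group list. */
int get_current_creds(struct creds *c)
{
    memset(c, 0, sizeof *c);
    if (getresuid(&c->ruid, &c->euid, &c->suid) != 0) return -1;
    if (getresgid(&c->rgid, &c->egid, &c->sgid) != 0) return -1;
    c->ngroups = getgroups(MAX_GROUPS, c->groups);
    return c->ngroups < 0 ? -1 : 0;
}

/* Pure check (works on constructed data too): all three uids and gids equal
 * the target, and every supplementary gid is one the target user may hold.
 * A drop that only calls setuid()/setgid() keeps the parent's supplementary
 * memberships, e.g. gid 0; that is reported as a failed drop here. */
int creds_are_dropped(const struct creds *c, uid_t uid, gid_t gid,
                      const gid_t *allowed, int nallowed)
{
    if (uid == 0 || gid == 0) return 0;
    if (c->ruid != uid || c->euid != uid || c->suid != uid) return 0;
    if (c->rgid != gid || c->egid != gid || c->sgid != gid) return 0;
    for (int i = 0; i < c->ngroups; i++) {
        int ok = 0;
        for (int j = 0; j < nallowed && !ok; j++)
            ok = (c->groups[i] == allowed[j]);
        if (!ok) return 0;
    }
    return 1;
}

/* Order matters: supplementary groups first (still needs root), then gid,
 * then uid, then verify. Returns 0 on success, -1 on failure (errno set). */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (!pw) { errno = ENOENT; return -1; }
    if (pw->pw_uid == 0 || pw->pw_gid == 0) { errno = EINVAL; return -1; }

    gid_t groups[MAX_GROUPS];
    int ngroups = MAX_GROUPS;
    if (getgrouplist(user, pw->pw_gid, groups, &ngroups) == -1) { errno = E2BIG; return -1; }
    if (setgroups((size_t)ngroups, groups) != 0) return -1;  /* what initgroups(3) does */
    if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) return -1;
    if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) return -1;

    struct creds c;
    if (get_current_creds(&c) != 0) return -1;
    if (!creds_are_dropped(&c, pw->pw_uid, pw->pw_gid, groups, ngroups)) { errno = EPERM; return -1; }
    /* With the saved uid gone, regaining root must fail. */
    if (setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 3) { fprintf(stderr, "usage: %s USER CMD [ARGS...]\n", argv[0]); return 2; }
    if (drop_privileges(argv[1]) != 0) { perror("drop_privileges"); return 1; }
    execvp(argv[2], argv + 2);   /* the child inherits the already-dropped identity */
    perror("execvp");
    return 1;
}
```

Run as root with a command such as `id` and the output should list only the target user's uid, gid and groups; anything showing gid 0 among the supplementary groups means the drop was incomplete. Doing this in the parent, as libvirt does, also means the exec()ed program never runs any code as root, so a bug in how that program drops privileges cannot matter.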