Comment 19 for bug 807893

Stefan Hajnoczi (stefanha) wrote : Re: [Bug 807893] Re: qemu privilege escalation

On Thu, Jul 14, 2011 at 12:46 PM, Andrew Griffiths
<email address hidden> wrote:
> Actually, from a quick google perhaps ensuring all threads run after
> chroot / dropping privileges might be a good idea.
>
> - http://wiki.freebsd.org/Per-Thread%20Credentials
> - http://www.cocoabuilder.com/archive/cocoa/33107-cthread-fork.html
>
> though it looks like you might need to put in effort into getting per-
> thread uid's for freebsd/macosx when they make that available, and
> you're assuming they're running a recent glibc. Depending on complexity,
> it can't hurt to ensure you're not going to hit into per-thread
> uid/gid's. I'm of two minds about glibc doing this. This was a
> particular favourite bug class of mine :)
>
> It seems that there is a linux distro which uses uclibc, which does not
> emulate the glibc behaviour:
>
> http://dl-4.alpinelinux.org/alpine/v2.2/main/x86/  <-- has qemu
> packages.

Good point about other OSes and distros. QEMU does not create any
threads before -runas processing AFAICT.

It's a nasty problem in general though because shared libraries could...

Stefan
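
The two checks this exchange implies for a Linux daemon that drops privileges, as an added example that is not part of the original message and is not QEMU code: confirm no extra threads exist before the drop, then audit every thread's UIDs after it. The function names `count_threads` and `threads_not_running_as` are hypothetical, and the code assumes Linux with `/proc` mounted.

```c
#include <dirent.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Number of threads in this process, from /proc/self/task; -1 if unreadable. */
int count_threads(void)
{
    DIR *d = opendir("/proc/self/task");
    struct dirent *e;
    int n = 0;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL)
        if (e->d_name[0] != '.') n++;
    closedir(d);
    return n;
}

/* Number of threads whose real, effective, saved or fs UID differs from
 * `want`; 0 means the privilege drop reached every thread, -1 is an error. */
int threads_not_running_as(uid_t want)
{
    DIR *d = opendir("/proc/self/task");
    struct dirent *e;
    int bad = 0;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        char path[288], line[256];
        unsigned r = 0, ef = 0, s = 0, f = 0;
        int seen = 0;
        FILE *fp;
        if (e->d_name[0] == '.') continue;
        snprintf(path, sizeof path, "/proc/self/task/%s/status", e->d_name);
        if (!(fp = fopen(path, "r"))) continue;   /* thread exited meanwhile */
        while (fgets(line, sizeof line, fp))
            if (sscanf(line, "Uid: %u %u %u %u", &r, &ef, &s, &f) == 4) { seen = 1; break; }
        fclose(fp);
        if (!seen || (uid_t)r != want || (uid_t)ef != want ||
            (uid_t)s != want || (uid_t)f != want) bad++;
    }
    closedir(d);
    return bad;
}

int main(void)
{
    printf("threads before drop: %d\n", count_threads());
    printf("threads not running as uid %u: %d\n",
           (unsigned)getuid(), threads_not_running_as(getuid()));
    return 0;
}
```

A startup path would refuse to continue if `count_threads()` is greater than 1 before the drop, or if `threads_not_running_as()` is nonzero for the target UID afterwards.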