libvirt runs dnsmasq as user nobody
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
High
|
Serge Hallyn |
Bug Description
libvirt uses dnsmasq to provide dns services to the guest vms; however, it starts dnsmasq under user nobody:
$ ps auwwx | grep dnsmasq
nobody 2117 0.0 0.0 25956 940 ? S 14:31 0:00 /usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=
Generally it's bad form from a security perspective to run daemons as user nobody because a vulnerability in one daemon will possibly allow it, when compromised, to interfere with another daemon that is also running as nobody. The preferred solution is to run it as a service-specific system user. In this case, because there may be multiple dnsmasq daemons running, a separate libvirt-dnsmasq user (the dnsmasq package itself runs the dnsmasq daemon under a system user called unsurprisingly 'dnsmasq').
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libvirt-bin 0.9.8-2ubuntu10
ProcVersionSign
Uname: Linux 3.2.0-12-generic x86_64
ApportVersion: 1.92-0ubuntu1
Architecture: amd64
Date: Tue Feb 21 14:49:49 2012
InstallationMedia: Ubuntu-Server 10.04 "Lucid Lynx" - Alpha amd64 (20100330)
ProcEnviron:
TERM=screen
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=bash
SourcePackage: libvirt
UpgradeStatus: Upgraded to precise on 2012-01-18 (34 days ago)
Related branches
Changed in libvirt (Ubuntu): | |
status: | New → Confirmed |
Changed in libvirt (Ubuntu): | |
importance: | Undecided → High |
assignee: | nobody → Serge Hallyn (serge-hallyn) |
Thanks, Steve. Could you please set the priority of this bug as you see it?
Also if you think there would be worthwhile security benefits to switching libvirt and lxc to modifying the host's main dnsmasq instance (as per bug 925511) please let me know as it would obviate the need for this bug if we did that with an FFE.