[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] move ebiptables script out of /tmp



On 06/16/2010 02:54 PM, Jamie Strandboge wrote:
Hi,

I noticed today that ebiptablesWriteToTempFile() creates a temporary
file in /tmp that is later executed. It uses mkstemp() and therefore is
safe from symlinks attacks, however, there is not really any reason that
I can see why it is using /tmp instead of somewhere
like /var/lib/libvirt. If libvirtd is confined under a MAC which allows
execution of /tmp/virtd* and a vulnerability is found in libvirtd,
the /tmp path leaves an opportunity for a local non-root attacker to
write a script in /tmp and then subvert libvirt to execute that script.
I don't mind the move of the temporary file, but I'd like to understand how would someone subvert libvirt to run an arbitrary script?

   Stefan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]