[libvirt] Possible security hole? unprivileged user can use virsh to overwrite sensitive system file
Alex Jia
ajia at redhat.com
Wed Oct 12 06:29:50 UTC 2011
On 10/12/2011 11:57 AM, Hong Xiang wrote:
> [hxiang at T420 ~]$ cat /etc/redhat-release
> Red Hat Enterprise Linux Workstation release 6.1 (Santiago)
> [hxiang at T420 ~]$ cat /etc/openclient-release
> Open Client RHEL 64 3.10 (Gold Master)
> [hxiang at T420 ~]$ libvirtd --version
> libvirtd (libvirt) 0.8.7
> [hxiang at T420 ~]$ virsh -V
> Virsh command line tool of libvirt 0.8.7
> See web site athttp://libvirt.org/
>
> Compiled with support for:
> Hypervisors: QEmu/KVM LXC ESX Test
> Networking: Remote Daemon Network Bridging Netcf Nwfilter VirtualPort
> Storage: Dir Disk Filesystem SCSI Multipath iSCSI LVM
> Miscellaneous: SELinux Secrets Debug DTrace Readline
> [hxiang at T420 ~]$ ls -l /etc/precious.*
> -rw-r--r--. 1 root root 2 Oct 12 11:38 /etc/precious.1
> -rw-r--r--. 1 root root 2 Oct 12 11:38 /etc/precious.2
> [hxiang at T420 ~]$ virsh -c qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock
> Welcome to virsh, the virtualization interactive terminal.
>
> Type: 'help' for help with commands
> 'quit' to quit
>
> virsh # start fc15
^_ _ _ it seems you're using privileged user to login
virsh, I remembered that it should be
"virsh >" not "virsh #" when use unprivileged user, I assume you hadn't
any modification in libvirtd.conf, in addition, for unprivileged user,
as usual, libvirt will raise the following information if you're trying
to connect hypervisor:
Tested it on libvirt-0.8.2-22.el5:
$ virsh -c qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock
--readonly
error: unable to connect to '/var/run/libvirt/libvirt-sock', libvirtd
may need to be started: Permission denied
error: failed to connect to the hypervisor
Tested it on libvirt-0.9.4-16.el6.x86_64:
$ virsh -c qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock
--readonly
error: authentication failed: authentication failed
error: failed to connect to the hypervisor
Regards,
Alex
> Domain fc15 started
>
> virsh # dump fc15 /etc/precious.1
> Domain fc15 dumped to /etc/precious.1
>
> virsh # save fc15 /etc/precious.2
> Domain fc15 saved to /etc/precious.2
>
> virsh #
> [hxiang at T420 ~]$ ls -l /etc/precious.*
> -rw-r--r--. 1 root root 253777159 Oct 12 11:42 /etc/precious.1
> -rw-r--r--. 1 root root 257745683 Oct 12 11:42 /etc/precious.2
> [hxiang at T420 ~]$
More information about the libvir-list
mailing list