[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Possible security hole? unprivileged user can use virsh to overwrite sensitive system file



On 10/12/2011 11:57 AM, Hong Xiang wrote:
[hxiang T420 ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Workstation release 6.1 (Santiago)
[hxiang T420 ~]$ cat /etc/openclient-release
Open Client RHEL 64 3.10 (Gold Master)
[hxiang T420 ~]$ libvirtd --version
libvirtd (libvirt) 0.8.7
[hxiang T420 ~]$ virsh -V
Virsh command line tool of libvirt 0.8.7
See web site athttp://libvirt.org/

Compiled with support for:
  Hypervisors: QEmu/KVM LXC ESX Test
  Networking: Remote Daemon Network Bridging Netcf Nwfilter VirtualPort
  Storage: Dir Disk Filesystem SCSI Multipath iSCSI LVM
  Miscellaneous: SELinux Secrets Debug DTrace Readline
[hxiang T420 ~]$ ls -l /etc/precious.*
-rw-r--r--. 1 root root 2 Oct 12 11:38 /etc/precious.1
-rw-r--r--. 1 root root 2 Oct 12 11:38 /etc/precious.2
[hxiang T420 ~]$ virsh -c qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
        'quit' to quit

virsh # start fc15
^_ _ _ it seems you're using privileged user to login virsh, I remembered that it should be "virsh >" not "virsh #" when use unprivileged user, I assume you hadn't any modification in libvirtd.conf, in addition, for unprivileged user, as usual, libvirt will raise the following information if you're trying to connect hypervisor:

Tested it on libvirt-0.8.2-22.el5:
$ virsh -c qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock --readonly error: unable to connect to '/var/run/libvirt/libvirt-sock', libvirtd may need to be started: Permission denied
error: failed to connect to the hypervisor

Tested it on libvirt-0.9.4-16.el6.x86_64:
$ virsh -c qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock --readonly
error: authentication failed: authentication failed
error: failed to connect to the hypervisor

Regards,
Alex
Domain fc15 started

virsh # dump fc15 /etc/precious.1
Domain fc15 dumped to /etc/precious.1

virsh # save fc15 /etc/precious.2
Domain fc15 saved to /etc/precious.2

virsh #
[hxiang T420 ~]$ ls -l /etc/precious.*
-rw-r--r--. 1 root root 253777159 Oct 12 11:42 /etc/precious.1
-rw-r--r--. 1 root root 257745683 Oct 12 11:42 /etc/precious.2
[hxiang T420 ~]$


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]