Re: [Qemu-devel] [PATCH] linux-user: allow to use sudo in guest

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Laurent Vivier <Laurent@vivier.eu>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Riku Voipio <riku.voipio@iki.fi>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] linux-user: allow to use sudo in guest
Date: Wed, 02 Jan 2013 20:37:38 +0100	[thread overview]
Message-ID: <1357155458.3091.5.camel@Quad> (raw)
In-Reply-To: <CAFEAcA_qF6w+jn56L21yO_4oTN8FsOCEfY-YDNNuaRrADz0JeA@mail.gmail.com>

Le mercredi 02 janvier 2013 à 01:16 +0000, Peter Maydell a écrit :
> On 20 December 2012 20:56, Laurent Vivier <laurent@vivier.eu> wrote:
> > When qemu-linux-user is used in a linux container or chroot,
> > if it needs to load binaries with SUID/SGID bits, it needs to
> > have root rights to be able to change UID/GID. To do that, we
> > need to install it with SUID bits and root owner.
> 
> I suspect a suid qemu binary is a big fat security hole...

This is why this feature is disabled by default and must be enabled with
configure. Moreover this is only for qemu-linux-user and the first thing
done in main() is to set euid/egid to real uid/gid.

> > Then, if the SUID bit is not set on the binary to load,
> > qemu will set its UID to the saved UID (the current user ID).
> >
> > To be able to retrieve unsecure environment variables (LD_PRELOAD,
> > LD_LIBRARY_PATH) with SUID bit, we need to disable "unsetenv()".
> > Otherwise libc unsets these variables before entering in main()
> 
> This is basically deliberately disabling a glibc security check.

Yes, but this security check is mainly to avoid to load unsecure
library. To avoid this too, we force the "--static" mode. This is not
perfect but bring to qemu-linux-user an interesting feature.

> Needs careful thought and review (which I don't have time for
> just now I'm afraid) before this can be committed.
> 
> -- PMM

-- 
"Just play. Have fun. Enjoy the game."
- Michael Jordan

     prev parent reply	other threads:[~2013-01-02 19:37 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-12-20 20:56 [Qemu-devel] [PATCH] linux-user: allow to use sudo in guest Laurent Vivier
2013-01-01 23:09 ` Laurent Vivier
2013-01-02  1:16 ` Peter Maydell
2013-01-02 19:37   ` Laurent Vivier [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1357155458.3091.5.camel@Quad \
    --to=laurent@vivier.eu \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=riku.voipio@iki.fi \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.