From: Laurent Vivier <Laurent@vivier.eu>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Riku Voipio <riku.voipio@iki.fi>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] linux-user: allow to use sudo in guest
Date: Wed, 02 Jan 2013 20:37:38 +0100 [thread overview]
Message-ID: <1357155458.3091.5.camel@Quad> (raw)
In-Reply-To: <CAFEAcA_qF6w+jn56L21yO_4oTN8FsOCEfY-YDNNuaRrADz0JeA@mail.gmail.com>
Le mercredi 02 janvier 2013 à 01:16 +0000, Peter Maydell a écrit :
> On 20 December 2012 20:56, Laurent Vivier <laurent@vivier.eu> wrote:
> > When qemu-linux-user is used in a linux container or chroot,
> > if it needs to load binaries with SUID/SGID bits, it needs to
> > have root rights to be able to change UID/GID. To do that, we
> > need to install it with SUID bits and root owner.
>
> I suspect a suid qemu binary is a big fat security hole...
This is why this feature is disabled by default and must be enabled with
configure. Moreover this is only for qemu-linux-user and the first thing
done in main() is to set euid/egid to real uid/gid.
> > Then, if the SUID bit is not set on the binary to load,
> > qemu will set its UID to the saved UID (the current user ID).
> >
> > To be able to retrieve unsecure environment variables (LD_PRELOAD,
> > LD_LIBRARY_PATH) with SUID bit, we need to disable "unsetenv()".
> > Otherwise libc unsets these variables before entering in main()
>
> This is basically deliberately disabling a glibc security check.
Yes, but this security check is mainly to avoid to load unsecure
library. To avoid this too, we force the "--static" mode. This is not
perfect but bring to qemu-linux-user an interesting feature.
> Needs careful thought and review (which I don't have time for
> just now I'm afraid) before this can be committed.
>
> -- PMM
--
"Just play. Have fun. Enjoy the game."
- Michael Jordan
prev parent reply other threads:[~2013-01-02 19:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-20 20:56 [Qemu-devel] [PATCH] linux-user: allow to use sudo in guest Laurent Vivier
2013-01-01 23:09 ` Laurent Vivier
2013-01-02 1:16 ` Peter Maydell
2013-01-02 19:37 ` Laurent Vivier [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1357155458.3091.5.camel@Quad \
--to=laurent@vivier.eu \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=riku.voipio@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).