From: Laurent Vivier
Date: Wed, 02 Jan 2013 20:37:38 +0100
Subject: Re: [Qemu-devel] [PATCH] linux-user: allow to use sudo in guest
To: Peter Maydell
Cc: Riku Voipio, qemu-devel@nongnu.org
Message-ID: <1357155458.3091.5.camel@Quad>
References: <1356037019-19426-1-git-send-email-laurent@vivier.eu>

On Wednesday 02 January 2013 at 01:16 +0000, Peter Maydell wrote:
> On 20 December 2012 20:56, Laurent Vivier wrote:
> > When qemu-linux-user is used in a linux container or chroot,
> > if it needs to load binaries with SUID/SGID bits, it needs to
> > have root rights to be able to change UID/GID. To do that, we
> > need to install it with SUID bits and root owner.
>
> I suspect a suid qemu binary is a big fat security hole...

This is why this feature is disabled by default and must be enabled with
configure. Moreover this is only for qemu-linux-user and the first thing
done in main() is to set euid/egid to real uid/gid.

> > Then, if the SUID bit is not set on the binary to load,
> > qemu will set its UID to the saved UID (the current user ID).
> >
> > To be able to retrieve unsecure environment variables (LD_PRELOAD,
> > LD_LIBRARY_PATH) with SUID bit, we need to disable "unsetenv()".
> > Otherwise libc unsets these variables before entering in main()
>
> This is basically deliberately disabling a glibc security check.

Yes, but this security check is mainly to avoid loading an unsecure
library. To avoid this too, we force the "--static" mode. This is not
perfect but brings an interesting feature to qemu-linux-user.

> Needs careful thought and review (which I don't have time for
> just now I'm afraid) before this can be committed.
>
> -- PMM

-- 
"Just play. Have fun. Enjoy the game."
- Michael Jordan
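The two mechanisms discussed in this thread, shown as an added example that is not code from the patch or from QEMU: detecting the secure-execution mode in which glibc filters LD_PRELOAD and LD_LIBRARY_PATH, and dropping the effective IDs to the real IDs first thing in main(), with the result verified. The function names are hypothetical; it assumes Linux with glibc 2.16 or later.

```c
#define _GNU_SOURCE           /* setresuid/setresgid/getresuid/getresgid */
#include <stdio.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <unistd.h>

/* Nonzero when the kernel started this process in secure-execution mode
 * (for example a set-user-ID binary). In that mode glibc filters variables
 * such as LD_PRELOAD and LD_LIBRARY_PATH. */
int started_secure(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Temporary drop: effective IDs become the real IDs while the saved IDs keep
 * the file owner's identity. Group before user, the conventional order:
 * after the UID is dropped the process may no longer be allowed to change GIDs. */
int drop_effective_ids(void)
{
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

/* Permanent drop: real, effective and saved IDs all become the real IDs,
 * then they are read back to confirm nothing privileged is left. */
int drop_all_ids(void)
{
    uid_t r, e, s, uid = getuid();
    gid_t rg, eg, sg, gid = getgid();

    if (setresgid(gid, gid, gid) != 0 || setresuid(uid, uid, uid) != 0)
        return -1;
    if (getresuid(&r, &e, &s) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return -1;
    return (r == uid && e == uid && s == uid &&
            rg == gid && eg == gid && sg == gid) ? 0 : -1;
}

int main(void)
{
    printf("secure-execution mode: %d\n", started_secure());
    if (drop_effective_ids() != 0) { perror("temporary drop"); return 1; }
    /* a privileged step would temporarily restore the saved IDs here */
    if (drop_all_ids() != 0) { perror("permanent drop"); return 1; }
    return 0;
}
```

Both drop functions fail closed: a caller that gets -1 should exit rather than continue with whatever IDs it still holds.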