From: Eduardo Otubo
Date: Wed, 11 Nov 2015 09:25:54 +0100
To: Paolo Bonzini
Cc: peter.maydell@linaro.org, drjones@redhat.com, qemu-devel@nongnu.org, dann.frazier@canonical.com
Subject: Re: [Qemu-devel] [PULL 04/05] seccomp: add setuid, setgid, chroot and setgroups to whitelist
Message-ID: <20151111082554.GB29255@vader>
In-Reply-To: <563715FE.1050206@redhat.com>
References: <1446212690-7656-1-git-send-email-eduardo.otubo@profitbricks.com> <1446212690-7656-5-git-send-email-eduardo.otubo@profitbricks.com> <563715FE.1050206@redhat.com>

On Mon, Nov 02, 2015 at 08:51:26AM +0100, Paolo Bonzini wrote:
>
>
> On 30/10/2015 14:44, Eduardo Otubo wrote:
> > From: Namsun Ch'o
> >
> > The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which are
> > needed for -runas to work. It also doesn't whitelist chroot, which is needed
> > for the -chroot option. Unfortunately, QEMU enables seccomp before it drops
> > privileges or chroots, so without these whitelisted, -runas and -chroot cause
> > QEMU to be killed with -sandbox on. This patch adds those syscalls.
>
> I think this patch should not be applied, because it completely defeats
> the purpose of the sandbox. With these syscalls whitelisted, -runas and
> -chroot have absolutely no effect against an attacker, even with
> -sandbox on.
>

Also, Namsun's emails are bouncing back. Don't know if it's worth to merge
them with no valid author's contact.

-- 
Eduardo Otubo
ProfitBricks GmbH