oss-sec mailing list archives

Re: CVE Request: qemu -runas does not clear supplementary groups


From: Vincent Danen <vdanen () redhat com>
Date: Tue, 12 Jul 2011 13:59:35 -0600

* [2011-07-12 20:48:59 +0400] Michael Tokarev wrote:

> There's a missing initgroups() call in qemu in the -runas
> argument handling.  Details are available on
>
> https://bugs.launchpad.net/qemu/+bug/807893
>
> in short, -runas is supposed to reduce privileges to a
> bare minimum (after all initialization is completed),
> but the process still has all the supplementary groups
> which should be dropped too.
>
> Can a CVE id be assigned for this issue?

Sorry, we were contacted directly to provide a CVE name, and I'm not
sure if that was before or after you wrote this mail (probably after).
That bug has been updated with the assigned CVE name, CVE-2011-2527.

https://bugs.launchpad.net/qemu/+bug/807893/comments/6

Thanks, sorry for missing this.

--
Vincent Danen / Red Hat Security Response Team
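
Added example, not part of the original message and not QEMU's code: a root-to-user privilege drop that resets the supplementary groups before changing gid and uid, then verifies that no groups from the privileged parent remain. The names `drop_to_user`, `unexpected_groups` and `MAX_GROUPS` are hypothetical, and Linux/glibc is assumed.

```c
#define _DEFAULT_SOURCE  /* glibc: expose initgroups() and getgrouplist() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>
#define MAX_GROUPS 256   /* assumption: large enough for this example */

/* Count gids in have[] that are absent from want[]. A non-zero result after
 * a privilege drop means groups of the privileged parent leaked through. */
int unexpected_groups(const gid_t *have, int nhave, const gid_t *want, int nwant)
{
    int extra = 0;
    for (int i = 0; i < nhave; i++) {
        int found = 0;
        for (int j = 0; j < nwant && !found; j++)
            found = (have[i] == want[j]);
        extra += !found;
    }
    return extra;
}

/* Drop from root to pw (assumed non-root). The group calls need root, so they
 * come before setuid(). Returns 0 on success, -1 on failure. */
int drop_to_user(const struct passwd *pw)
{
    gid_t have[MAX_GROUPS], want[MAX_GROUPS];
    int nwant = MAX_GROUPS;
    if (initgroups(pw->pw_name, pw->pw_gid) < 0)   /* the call reported missing */
        return -1;
    if (setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0)
        return -1;
    if (setuid(0) != -1)                           /* regaining root must fail */
        return -1;
    /* Verify: compare the groups held with what the user database lists. */
    int nhave = getgroups(MAX_GROUPS, have);
    if (nhave < 0 || getgrouplist(pw->pw_name, pw->pw_gid, want, &nwant) < 0)
        return -1;
    return unexpected_groups(have, nhave, want, nwant) ? -1 : 0;
}

int main(int argc, char **argv)
{
    const struct passwd *pw = argc > 1 ? getpwnam(argv[1]) : NULL;
    if (!pw || pw->pw_uid == 0 || drop_to_user(pw) < 0) {
        fprintf(stderr, "need a non-root user name, or the drop failed\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Run as root with a non-root user name as the only argument; deleting the `initgroups()` line makes the verification step fail whenever root's own groups differ from the target user's.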
