oss-sec mailing list archives
Re: docker VMM breakout
From: Sven Kieske <S.Kieske () mittwald de>
Date: Wed, 18 Jun 2014 13:39:49 +0000
Am 18.06.2014 12:15, schrieb David Jorm:
I tested libvirt via virsh and by default both CAP_DAC_READ_SEARCH and CAP_DAC_OVERRIDE are available (and thus the PoC does run). However, this default is well documented as is the general insecurity of libvirt in regards to DAC, so I don't think a CVE ID is required for libvirt.
I fail to see why this should be true. On most distributions libvirt spawned vms do not run as root but as user qemu or similar. according to the documentation at: http://libvirt.org/drvqemu.html#securitycap this should imply that libvirt drops these capabilities. Please correct me if I'm wrong. -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
Current thread:
- docker VMM breakout Sebastian Krahmer (Jun 18)
- Re: docker VMM breakout David Jorm (Jun 18)
- Re: docker VMM breakout Yves-Alexis Perez (Jun 18)
- Re: docker VMM breakout Sven Kieske (Jun 18)
- Re: docker VMM breakout Daniel J Walsh (Jun 18)
- Re: docker VMM breakout gremlin (Jun 18)
- Re: docker VMM breakout Serge Hallyn (Jun 19)
- Re: docker VMM breakout Daniel J Walsh (Jun 20)
- Re: docker VMM breakout David Jorm (Jun 18)