oss-sec mailing list archives
qemu-bridge-helper minimizing patch
From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 16 Jul 2014 12:06:27 +0200
Hi,

For the qemu-bridge-helper, which is part of qemu and meant to run as suid root, I removed a lot of dependencies with this patch:

http://bugzillafiles.novell.org/attachment.cgi?id=598793

It was linked against the whole set of qemu libs before, so there is a very good chance to exploit the suid via one of the more than 50 libs' init code.

It also fixes a minor theoretical issue to be on the safe side: dropping uid to user once work has been done but before sending the fd across a UNIX socket.

I don't think that there is a CVE required for any of this (unless someone manages to make an exploit for one of the dependency-libs that were loaded before).

If someone from RH could bring this upstream, it would be very helpful. Last time I tried committing a fix for ivshmem I just got reverse-blaming.

Sebastian

--
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
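The ordering the mail describes (finish the privileged work, drop to the caller's uid, and only then pass the descriptor over the UNIX socket), as an added C example that is not Sebastian's patch or qemu's own code. It assumes Linux, a socketpair-style handoff between helper and caller, and hypothetical function names; the privileged "work" is whatever produced the open fd.

```c
#include <sys/socket.h>
#include <string.h>
#include <unistd.h>
#include <grp.h>

/* Drop root for good before talking to the caller: groups, gid, uid, then prove it stuck. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0) return -1;   /* as root, setgid/setuid set real, effective and saved ids */
    if (setuid(uid) < 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;   /* root must be unrecoverable afterwards */
    return 0;
}

/* Pass an open descriptor over a UNIX socket with SCM_RIGHTS. */
int send_fd(int sock, int fd)
{
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    char byte = 0;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    memset(u.buf, 0, sizeof u.buf);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}
/* Receive it; reject anything that is not exactly one SCM_RIGHTS descriptor. */
int recv_fd(int sock)
{
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
    char byte; int fd;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
/* The order the mail asks for: privileged work is done (fd is open), drop root, then hand it over. */
int helper_handoff(int sock, int fd, uid_t uid, gid_t gid)
{
    return drop_privileges(uid, gid) < 0 ? -1 : send_fd(sock, fd);
}
```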