oss-sec mailing list archives
Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest
From: P J P <ppandit () redhat com>
Date: Fri, 22 Jan 2021 16:52:19 +0530 (IST)
+-- On Fri, 22 Jan 2021, Daniel Walsh wrote --+ | Did SELinux block this flaw? * Not sure if there's a SELinux policy to block it. Didn't have a reproducer handy. | Seems virtiofsd should be running without CAP_MKNOD by default. * Yes, there's an issue for nodev -> https://gitlab.com/virtio-fs/qemu/-/issues/24 virtiofsd(1) also supports '-o modcaps=-mknod' option, it's not default though. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
Current thread:
- CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest P J P (Jan 22)
- Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest Daniel Walsh (Jan 22)
- Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest P J P (Jan 22)
- Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest Daniel Walsh (Jan 22)