oss-sec mailing list archives
Re: CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from guest
From: P J P <ppandit () redhat com>
Date: Fri, 22 Jan 2021 16:52:19 +0530 (IST)
+-- On Fri, 22 Jan 2021, Daniel Walsh wrote --+
| Did SELinux block this flaw?
* Not sure if there's a SELinux policy to block it. Didn't have a reproducer
handy.
| Seems virtiofsd should be running without CAP_MKNOD by default.
* Yes, there's an issue for nodev
-> https://gitlab.com/virtio-fs/qemu/-/issues/24
virtiofsd(1) also supports the '-o modcaps=-mknod' option; it's not the default,
though.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
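
One way to confirm that a running virtiofsd has actually dropped CAP_MKNOD, for instance after starting it with the '-o modcaps=-mknod' option mentioned above. This is an added example, not part of the original message or of QEMU; the function names, the process name passed to pgrep and the sample capability masks are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which capability sets of a process include CAP_MKNOD.
CAP_MKNOD_BIT=27   # CAP_MKNOD is capability number 27 in <linux/capability.h>

# mask_has_mknod HEXMASK: exit status 0 if bit 27 is set in the hex mask.
mask_has_mknod() {
    [ $(( (0x$1 >> CAP_MKNOD_BIT) & 1 )) -eq 1 ]
}

# sets_with_mknod: read /proc/<pid>/status text on stdin and print the names
# of the capability sets that contain CAP_MKNOD, space separated (empty if none).
sets_with_mknod() {
    swm_found=""
    while read -r swm_name swm_value || [ -n "$swm_name" ]; do
        case "$swm_name" in
            CapInh:|CapPrm:|CapEff:|CapBnd:|CapAmb:)
                if mask_has_mknod "$swm_value"; then
                    swm_found="$swm_found${swm_found:+ }${swm_name%:}"
                fi ;;
        esac
    done
    printf '%s' "$swm_found"
}

# Constructed sample (not from a real host): every capability bit 0..40 set.
SAMPLE_FULL='Name: virtiofsd
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000'
# Constructed sample: the same masks with bit 27 (0x8000000) cleared.
SAMPLE_DROPPED='Name: virtiofsd
CapInh: 0000000000000000
CapPrm: 000001fff7ffffff
CapEff: 000001fff7ffffff
CapBnd: 000001fff7ffffff
CapAmb: 0000000000000000'

# Live use: audit every process named virtiofsd (the name is an assumption).
audit_virtiofsd() {
    for av_pid in $(pgrep -x virtiofsd); do
        av_sets=$(sets_with_mknod < "/proc/$av_pid/status")
        echo "pid $av_pid: ${av_sets:-CAP_MKNOD not present}"
    done
}
```

Run `audit_virtiofsd` on the host; any set name printed for a pid means CAP_MKNOD is still present in that set for that daemon.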
