[BUG,RFC] directory traversal vulnerability / qemu: name→uuid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

I just tried the following command  with libvirt-0.9.5git:
# virsh snapshot-create "$VM" /dev/stdin 
<<<'<domainsnapshot><name>../../../../../../etc/passwd</name></domainsnapshot>'

"Luckily" it adds a .xml suffix, but this still looks like a security problem 
to me, because you can overwrite any .xml-file with libvirt gibberish. 
Actually this was found by a user trying to create a snapshot with an 
embedded /, which didn't work, because the sub-directory didn't exist. I know 
SELinux can solve this, but I really would prefer the Qemu driver to reject 
such names.

Another problem is, that I sometimes would like to rename a VM to a new name, 
because the old name doesn't describe the VM good enough. <description> is 
not an option, because 1) Xen doesn't store it, and 2) virsh list doesn't 
show it.
Renaming a Qemu-VM is currently impossible, since the name of the VM is used 
for several files and directories and a undefine+define would loose state:
 /etc/libvirt/qemu/$VM.xml
 /var/lib/libvirt/qemu/$VM.monitor
 /var/lib/libvirt/qemu/save/$VM.save
 /var/lib/libvirt/qemu/snapshot/$VM/$SNAPSHOT.xml
(Renaming outside of libvirtd can be done by hand, but requires a restart of 
libvirtd to get it to reload it's state.)
Compared to Xen and VirtualBox (as far as I know) they both use the UUID to 
name their files and directroy, which looks a lot more sane to me than using 
the name of the VM.

Would it be possible and feasible to convert the Qemu driver to use the UUID 
instead for file and directory naming?

Sincerely
Philipp
-- 
Philipp Hahn           Open Source Software Engineer      hahn@xxxxxxxxxxxxx
Univention GmbH        Linux for Your Business        fon: +49 421 22 232- 0
Mary-Somerville-Str.1  D-28359 Bremen                 fax: +49 421 22 232-99
                                                   http://www.univention.de/
----------------------------------------------------------------------------
Treffen Sie Univention auf der IT&Business vom 20. bis 22. September 2011
auf dem Gemeinschaftsstand der Open Source Business Alliance in Stuttgart in
Halle 3 Stand 3D27-7.

Attachment: signature.asc
Description: This is a digitally signed message part.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]