On Wed, Oct 12, 2011 at 11:57:25AM +0800, Hong Xiang wrote: > I found there's a way for a unprivileged user to overwrite sensitive > system file with virsh, here's how: > 1. (as an unprivileged user) start virsh and connect to the r/w > socket of libvirtd: > virsh -c qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock Unless you have turned off authentication, this requires you to provide your root password via PolicyKit. Thus you can no longer be considered an 'unprivileged' user after this point. > 2. start a guest, then issue 'save' or 'dump' command, giving a > sensitive system file path as the <file> parameter, for example, > '/etc/passwd'; > 3. the sensitive system file will be overwritten; There's no security hole. If you have successfully authenticated to the privileged libvirtd daemon over the read-write socket, then you are considered to have a privilege level equivalent to a root shell. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list