On 12/23/2013 03:12 PM, Eric Blake wrote:
>> Only users who are listed as valid_users in /etc/libvirt/virt-login-shell.conf
>> are allowed to join containers using this tool. By default no users are allowed.
>
> Problem. This is how things get installed:
>
> # ls -ld /etc/libvirt/ /etc/libvirt/virt-login-shell.conf
> /bin/virt-login-shell
> -rwsr-x---. 1 root virtlogin 891744 Dec 4 01:37 /bin/virt-login-shell
> drwx------. 6 root root 4096 Dec 23 13:22 /etc/libvirt/
> -rw-r--r--. 1 root root 1244 Dec 23 13:22
> /etc/libvirt/virt-login-shell.conf
>
>> + if (!(conf = virConfReadFile(login_shell_path, 0)))
>> + goto cleanup;
>
> ...and non-root invariably fails here, since login_shell_path
> (/etc/libvirt/virt-login-shell.conf) is buried inside a directory that
> is not searchable by either root or virtlogin.

Ah, I see - non-root fails here if run unprivileged (such as under gdb),
but when run setuid it has the permissions of root and can read the file
just fine. So this is a case where we are really relying on ALL of the
setuid power, rather than one where we could use capability labeling on
the binary rather than a full-blown setuid, making it harder to minimize
the power of the binary on systems that try to avoid setuid by use of
caps. It's also making my life much tougher to try and debug the other
bugs in this program.

--
Eric Blake   eblake redhat com   +1-919-301-3266
Libvirt virtualization library http://libvirt.org
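
Review bot: on the `virConfReadFile(login_shell_path, 0)` failure path, the two visible lines jump straight to `cleanup` without stating the precondition that makes the read succeed. The `ls -ld` listing quoted above shows /etc/libvirt/ as `drwx------ root root`, so this call only works when the binary is running with root's effective identity. Consider checking for that before the read and reporting that the tool must be installed and run setuid root, so an unprivileged run (such as under gdb) stops with a message that names the cause, and documenting next to this call that the configuration path depends on full setuid rather than a narrower privilege.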
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list