mailing list archives
CVE request -- libguestfs: virt-edit doesn't preserve file permissions
From: Petr Matousek <pmatouse () redhat com>
Date: Mon, 11 Jun 2012 18:21:19 +0200
Description of the problem:
virt-edit creates a new file when it is used and thus does not
preserve file permissions, file owner and SELinux context on the
files that it was editing.
As a consequence, if certain security-sensitive files in the guest
were edited using virt-edit, they would become world-readable.
Proposed upstream patch:
Petr Matousek / Red Hat Security Response Team
- CVE request -- libguestfs: virt-edit doesn't preserve file permissions Petr Matousek (Jun 11)