Home page logo

oss-sec logo oss-sec mailing list archives

CVE request -- libguestfs: virt-edit doesn't preserve file permissions
From: Petr Matousek <pmatouse () redhat com>
Date: Mon, 11 Jun 2012 18:21:19 +0200

Description of the problem:
virt-edit creates a new file when it is used and thus does not
preserve file permissions, file owner and SELinux context on the
files that it was editing.

As a consequence, if certain security-sensitive files in the guest
were edited using virt-edit, they would become world-readable.

Proposed upstream patch:


Petr Matousek / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]