Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request -- libguestfs: virt-edit doesn't preserve file permissions
From: Petr Matousek <pmatouse () redhat com>
Date: Mon, 11 Jun 2012 18:21:19 +0200

Description of the problem:
virt-edit creates a new file when it is used and thus does not
preserve file permissions, file owner and SELinux context on the
files that it was editing.

As a consequence, if certain security-sensitive files in the guest
were edited using virt-edit, they would become world-readable.

Proposed upstream patch:
https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html

References:
https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
https://bugzilla.redhat.com/show_bug.cgi?id=788642

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault