Libvirt Security Notice: LSN-2013-0008

Libvirt security driver does not clear supplementary groups

Lifecycle

Reported on: 20130805
Published on: 20130805
Fixed on: 20130829

Credits

Reported by: Eric Blake
Patched by: Eric Blake

See also

Description

When parsing the process security label for the DAC driver the list of supplementary groups was not initialized. This would lead to the QEMU process inheriting supplementary groups from the libvirtd daemon.

Impact

The QEMU processes inherit supplementary groups libvirtd which may lead to it being granted access to in appropriate resources

Workaround

Ensure a MAC driver such as SELinux or AppArmour is used to confine the QEMU processes, so that a compromised QEMU cannot take advantage of the inherited supplementary groups.

Affected product: libvirt

Branch master
Broken in: v1.1.1
Fixed in: v1.1.2
Broken by: 29fe5d745fbe207ec2415441d4807ae76be05974
Fixed by: 745aa55fbf3e076c4288d5ec3239f5a5d43508a6
Branch v0.10.2-maint
Broken in: v0.10.2.7
Fixed in: v0.10.2.8
Broken by: c061ff5e4acb7ce92b59775f986d1b18b86ce43c
Fixed by: 53b882aad57ed9bbe4188128e9db2f1aecd3fb48
Branch v1.1.1-maint
Broken by: 29fe5d745fbe207ec2415441d4807ae76be05974
Fixed by: d23cf2c91b32a715aae9beeaac04fc36924e0f56

Alternative formats: [xml] [text]