openstack team mailing list archive

Thread
Date

Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)

To: Pádraig Brady <P@xxxxxxxxxxxxxx>
From: Eric Windisch <eric@xxxxxxxxxxxxxxxx>
Date: Wed, 8 Aug 2012 00:37:58 -0400
Cc: Thierry Carrez <thierry@xxxxxxxxxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <502191AC.30903@draigBrady.com>

>
>
> Also notice that libguestfs is supported as an injection mechanism
> which mounts images in a separate VM, with one of the big advantages
> of that being better security.
>
>
Are you sure about this? Reading the driver source, it appears to be using
'guestmount' as glue between libguestfs and FUSE. Worse, this is done as
root.  This mounts the filesystem in userspace on the host, but the
userspace process runs as root.  Because the filesystem is mounted, all
reads and writes must also happen as root, leading to potential escalation
scenarios.

It does seem that libguestfs could be used securely, but it isn't.

-- 
Regards,
Eric Windisch

Follow ups

Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Pádraig Brady, 2012-08-08

References

[OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Thierry Carrez, 2012-08-07
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Eric Windisch, 2012-08-07
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
From: Pádraig Brady, 2012-08-07