openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #15579
Re: [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
>
>
> Also notice that libguestfs is supported as an injection mechanism
> which mounts images in a separate VM, with one of the big advantages
> of that being better security.
>
>
Are you sure about this? Reading the driver source, it appears to be using
'guestmount' as glue between libguestfs and FUSE. Worse, this is done as
root. This mounts the filesystem in userspace on the host, but the
userspace process runs as root. Because the filesystem is mounted, all
reads and writes must also happen as root, leading to potential escalation
scenarios.
It does seem that libguestfs could be used securely, but it isn't.
--
Regards,
Eric Windisch
Follow ups
References