[libvirt] [PATCH] move ebiptables script out of /tmp
Jamie Strandboge
jamie at canonical.com
Wed Jun 16 18:54:52 UTC 2010
Hi,
I noticed today that ebiptablesWriteToTempFile() creates a temporary
file in /tmp that is later executed. It uses mkstemp() and therefore is
safe from symlinks attacks, however, there is not really any reason that
I can see why it is using /tmp instead of somewhere
like /var/lib/libvirt. If libvirtd is confined under a MAC which allows
execution of /tmp/virtd* and a vulnerability is found in libvirtd,
the /tmp path leaves an opportunity for a local non-root attacker to
write a script in /tmp and then subvert libvirt to execute that script.
Putting it in /var/lib/libvirt (or somewhere without world-write
permissions) would prevent this.
I do not consider this a security vulnerability, but rather defensive
programming. Attached is a patch that uses LOCAL_STATE_DIR
"/lib/libvirt/virtdXXXXXX". Feel free to move it somewhere else if
desired. Patch is against head.
Thanks
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: move-ebiptables-script.diff
Type: text/x-patch
Size: 634 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100616/1e75fa7a/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100616/1e75fa7a/attachment-0001.sig>
More information about the libvir-list
mailing list