[libvirt] [BUG,RFC] directory traversal vulnerability / qemu: name→uuid

Philipp Hahn hahn at univention.de
Wed Sep 7 10:12:53 UTC 2011 

Hello,

I just tried the following command  with libvirt-0.9.5git:
# virsh snapshot-create "$VM" /dev/stdin 
<<<'<domainsnapshot><name>../../../../../../etc/passwd</name></domainsnapshot>'

"Luckily" it adds a .xml suffix, but this still looks like a security problem 
to me, because you can overwrite any .xml-file with libvirt gibberish. 
Actually this was found by a user trying to create a snapshot with an 
embedded /, which didn't work, because the sub-directory didn't exist. I know 
SELinux can solve this, but I really would prefer the Qemu driver to reject 
such names.

Another problem is, that I sometimes would like to rename a VM to a new name, 
because the old name doesn't describe the VM good enough. <description> is 
not an option, because 1) Xen doesn't store it, and 2) virsh list doesn't 
show it.
Renaming a Qemu-VM is currently impossible, since the name of the VM is used 
for several files and directories and a undefine+define would loose state:
 /etc/libvirt/qemu/$VM.xml
 /var/lib/libvirt/qemu/$VM.monitor
 /var/lib/libvirt/qemu/save/$VM.save
 /var/lib/libvirt/qemu/snapshot/$VM/$SNAPSHOT.xml
(Renaming outside of libvirtd can be done by hand, but requires a restart of 
libvirtd to get it to reload it's state.)
Compared to Xen and VirtualBox (as far as I know) they both use the UUID to 
name their files and directroy, which looks a lot more sane to me than using 
the name of the VM.

Would it be possible and feasible to convert the Qemu driver to use the UUID 
instead for file and directory naming?

Sincerely
Philipp
-- 
Philipp Hahn           Open Source Software Engineer      hahn at univention.de
Univention GmbH        Linux for Your Business        fon: +49 421 22 232- 0
Mary-Somerville-Str.1  D-28359 Bremen                 fax: +49 421 22 232-99
                                                   http://www.univention.de/
----------------------------------------------------------------------------
Treffen Sie Univention auf der IT&Business vom 20. bis 22. September 2011
auf dem Gemeinschaftsstand der Open Source Business Alliance in Stuttgart in
Halle 3 Stand 3D27-7.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110907/ff26ed18/attachment-0001.sig>

More information about the libvir-list mailing list