Bug 956082 (CVE-2013-2007)
| Summary: | CVE-2013-2007 qemu: guest agent creates files with insecure permissions in deamon mode | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | unspecified | CC: | abaron, acathrow, amit.shah, aortega, apevec, areis, ayoung, berrange, bsarathy, cfergeau, chrisw, dallan, drjones, dwmw2, dyasny, ehabkost, gkotton, gleb, imammedo, itamar, jforbes, knoel, kraxel, kseifried, lersek, markmc, m.a.young, minovotn, mkenneth, mrezanin, mtosatti, pbonzini, rbryant, rhod, rhos-maint, rjones, rkrcmar, sclewis, scottt.tw, security-response-team, virt-maint, vrozenfe, xen-maint | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-06-04 14:11:25 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 953932, 957056, 969455, 969456, 970643, 974444, 983566, 983567 | ||||||
| Bug Blocks: | 956105, 969452 | ||||||
| Attachments: |
|
||||||
|
Description
Petr Matousek
2013-04-24 09:30:47 UTC
Statement: This issue does not affect the kvm package as shipped with Red Hat Enterprise Linux 5. This issue does not affect the xen package as shipped with Red Hat Enterprise Linux 5. This issue does affect the qemu-kvm package as shipped with Red Hat Enterprise Linux 6. Future qemu-kvm updates in Red Hat Enterprise Linux 6 may address this flaw. Please note that due to differences in upstream and Red Hat Enterprise Linux 6 versions of qemu guest agent this issue has lower security impact on systems running Red Hat Enterprise Linux 6. Created attachment 739402 [details]
[PATCH] qga: set umask 0077 when daemonizing
The qemu guest agent creates a bunch of files with insecure permissions
when started in daemon mode. For example:
-rw-rw-rw- 1 root root /var/log/qemu-ga.log
-rw-rw-rw- 1 root root /var/run/qga.state
-rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log
In addition, at least all files created with the "guest-file-open" QMP
command, and all files created with shell output redirection (or
otherwise) by utilities invoked by the fsfreeze hook script.
For now clear all file mode premissions for "group" and "others".
Signed-off-by: Laszlo Ersek <lersek>
---
qga/main.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67 Created qemu tracking bugs for this issue Affects: fedora-all [bug 969455] Created xen tracking bugs for this issue Affects: fedora-all [bug 969456] This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0896 https://rhn.redhat.com/errata/RHSA-2013-0896.html This issue has been addressed in following products: RHEV-H and Agents for RHEL-6 Via RHSA-2013:0791 https://rhn.redhat.com/errata/RHSA-2013-0791.html |