Bug 240266 - Local Security problem in Virt-Manager
Status: CLOSED DUPLICATE of bug 240264
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: virt-manager
Version: 5.0
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Daniel Berrange

Reported: 2007-05-16 01:30 EDT by Hongbo Ni
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2007-05-16 09:41:09 EDT
Description Hongbo Ni 2007-05-16 01:30:47 EDT
Description of problem:

If one user opens a Virtual Machine Console for a Guest Domain and logs in as
root, the other user on the same system (domain-0) can see/control the same
Guest domain without entering any root passwd.

Version-Release number of selected component (if applicable):

Virt-Manager 0.2.6

How reproducible: Every Time


Steps to Reproduce:

0. Base System (Domain-0) is CentOS x64 with Virtualization kernel installed.
   Run Level=5
 * A para/full-virtualization guest (also CentOS 5 x64, let's call it Domain-1)
   has been installed on the system and works properly. Run Level=5
 * A normal user account called 'fred' is created on domain-0.
   'fred' is allowed to log in to his own desktop locally or remotely via VNC.

1. User A (the root)

 * Log in as 'root' to the GNOME desktop of Domain-0, click menu Application -
   System Tools - Virtual Machine Manager.
 * Now you will see your guest Domain-1 listed in the 'Virtual Machine
   Manager' window.
 * Double click Domain-1 in the list; 'Domain-1 Virtual Machine Console' is now
   opened.
 * Now you have the login screen; let's log in as 'root' into Domain-1.
 * Now leave 'Domain-1 Virtual Machine Console' on.

2. User B (fred)

 * Log in using a VNC viewer/client as user 'fred' to the desktop of Domain-0.
   Or, since we allowed 'fred' to log in, 'fred' can use any way to log in to
   his desktop. VNC is just an example of how to log in to the desktop.

 * 'fred' clicks menu Application - System Tools - Virtual Machine Manager.
 * When asked for 'Passwd for root', press the button 'Run as Unprivileged'.
 * Press 'Connect' to connect to the local Xen host.
 * Now you will see guest Domain-1 listed in the 'Virtual Machine Manager'
   window.
 * Double click Domain-1 in the list.
 * When asked for 'New Keyring Passwd', press the 'Deny' button.
 * 'Domain-1 Virtual Machine Console' is now open. It's exactly the same
   console that user A (root) got. 'fred' can do anything to Domain-1 as root.

  
Actual results:

User B ('fred') got root access to the domain-1 without entering any root 
passwd. 

Expected results:

User B should not be allowed to have the same Virtual Machine Console without
a valid passwd to the virtual machine.

Additional info:
Comment 1 Daniel Berrange 2007-05-16 09:41:09 EDT

*** This bug has been marked as a duplicate of 240264 ***
