Red Hat Bugzilla – Bug 240266
Local Security problem in Virt-Manager
Last modified: 2007-11-30 17:07:44 EST
Description of problem:
If one user opens a Vitual Machine Consol for a Gest Domain and login as
root, the other user on the same sytem (domain-0) can see/control the same
Gest domain without enter any root passwd.
Version-Release number of selected component (if applicable):
How reproducible: Every Time
Steps to Reproduce:
0. Base System (Domain-0) is Centos x64 with Virtualization kernel installed.
* A para/full-virtualization guest (also CENTOS 5 x64, let's call it Domain-1)
has been installed on the system and works properly. Run Level=5
* a normal user account is created on domain-0 called 'fred'.
'fred' is allowed to login his own desktop locally or remotely via VNC.
1. User A (the root)
* Login as 'root' to GNOME desktop of Domain-0, click menu Application -
System Tools - Virtual Machine Manager,
* Now you will see your guest Domain-1 is listed in the 'Virtual Machine
* Double click Domain-1 in the list, 'Domain-1 Virtual Machine Console' is now
* Now you have login screen, let's Login as 'root' into Domain-1.
* now leave 'Domain-1 Virtual Machine Console' on.
2. User B (fred)
* Login using VNC viewer/client as user 'fred' to desktop of Domain-0,
Or, since we allowed 'fred' to login, 'fred' can use any way to login his
desktop. VNC is just an example to login to desktop.
* 'fred' click menu Application - System Tools - Virtual Machine Manager,
* when asked for 'Passwd for root', press the button 'Run as Unprivileged'
* press 'Connect' to connect to local Xen host,
* Now you will see guest Domain-1 is listed in the 'Virtual Machine Manager'
* Double click Domain-1 in the list,
* when asked for 'New Keyring Passwd', press 'Deny' button
* 'Domain-1 Virtual Machine Console' is now open, It's exactly the same
Console that user A(root) got. 'fred' can do anything to the domain-1 as root.
User B ('fred') got root access to the domain-1 without entering any root
User B should not allow to have the same Virtual Machine Consol without
a valid pasaswd to the vitual machine.
*** This bug has been marked as a duplicate of 240264 ***