[Pkg-libvirt-maintainers] Bug#629341: virtinst: fails if umask isn't permissive
Rob Browning
rlb at defaultvalue.org
Sun Jun 5 18:20:19 UTC 2011
Package: virtinst
Version: 0.500.6-1
If the umask is set to 007, virt-install will fail with an error like
this:
qemu: could not load kernel
'/home/rlb/.virtinst/boot/virtinst-linux.sQocL_': Permission denied
Ideally, virt-install shouldn't be affected by the user's umask, and
shouldn't require a world-accessible $HOME.
If the relevant files are just temporary files that are used during the
install, then I'd suggest that they be written with umask 002 to a
securely created temp dir, i.e. via "mktemp --tmpdir -d", or in python:
tempfile.mkdtemp(prefix='virtinst-tmp')
Another reason to make this change is that requiring $HOME/.virtinst to
be world-readable guarantees that any vnc passwords will be readable
system-wide (via the log).
(Feel free to adjust the severity to wishlist if that seems more
appropriate.)
Thanks
--
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
More information about the Pkg-libvirt-maintainers
mailing list