[Pkg-libvirt-maintainers] Bug#732394: Implementation deficiency in virInitctlSetRunLevel

Reco recoverym4n at gmail.com
Wed Dec 18 14:33:21 UTC 2013


Hello, list.

I was pointed here by the maintainer of the libvirt package in Debian, Guido
Günther. For the sake of completeness, the original bug report can be
viewed at this link:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

To sum up the bug report, the current implementation of the
virInitctlSetRunLevel function (src/util/virinitctl.c) lacks any sanity
checks before writing to the container's /dev/initctl. In the absence of
such checks, libvirtd can be easily tricked into writing a runlevel check
request to an arbitrary file on the main host (including the
host's /run/initctl, as described in the bug report). All it takes is
one symlink in place of the container's /dev/initctl.

I've checked libvirtd's current git, and it seems to me that the
problem is still there.

Attached to this letter is a patch which tries to mitigate the issue by
checking whether the container's /dev/initctl is actually a pipe.

Sincerely yours, Reco

PS: I'm not subscribed to this list; in case of further questions, please
CC me.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Don-t-write-to-non-pipes.patch
Type: text/x-diff
Size: 843 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-libvirt-maintainers/attachments/20131218/22c72880/attachment.patch>
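
The check the message describes (write only if the container's /dev/initctl is actually a pipe) can be sketched as follows. This is an added example, not the attached patch and not libvirt's code; `open_fifo_for_write` and `demo` are hypothetical names, and the demo paths are constructed in a temporary directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not libvirt's code): open path for writing only if it
 * is a FIFO. Returns an fd, or -1 with errno set. */
int open_fifo_for_write(const char *path)
{
    struct stat sb;
    /* O_NOFOLLOW: a symlink as the final component fails with ELOOP.
     * O_NONBLOCK: a FIFO with no reader fails with ENXIO instead of hanging. */
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY | O_CLOEXEC);
    if (fd < 0) return -1;
    /* fstat() the descriptor, so the check covers the object actually opened. */
    if (fstat(fd, &sb) < 0 || !S_ISFIFO(sb.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed scenario. Returns 0 if only the real FIFO is accepted. */
int demo(void)
{
    char dir[] = "/tmp/initctl-demo-XXXXXX", fifo[64], file[64], lnk[64];
    int bad = 0, rd, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(fifo, sizeof fifo, "%s/initctl", dir);   /* genuine pipe */
    snprintf(file, sizeof file, "%s/hostfile", dir);  /* stands in for a host file */
    snprintf(lnk, sizeof lnk, "%s/symlink", dir);     /* symlink to that file */
    if (mkfifo(fifo, 0600) < 0 || symlink(file, lnk) < 0 ||
        (fd = open(file, O_WRONLY | O_CREAT, 0600)) < 0)
        return -1;
    close(fd);
    rd = open(fifo, O_RDONLY | O_NONBLOCK);  /* stand-in for init's read end */
    if ((fd = open_fifo_for_write(fifo)) < 0) bad |= 1;  /* FIFO: accepted */
    else close(fd);
    if (open_fifo_for_write(file) >= 0) bad |= 2;        /* regular file: refused */
    if (open_fifo_for_write(lnk) >= 0) bad |= 4;         /* symlink: refused */
    close(rd);
    unlink(fifo); unlink(file); unlink(lnk); rmdir(dir);
    return bad;
}
int main(void) { return demo(); }
```

O_NOFOLLOW covers only the last path component, so symlinked parent directories inside the container's root need separate handling.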