[Pkg-libvirt-maintainers] Bug#764894: Bug#764894: Bug#764894: virt-manager: USB devices are generally redirected to VMs

Christoph Anton Mitterer calestyo at scientia.net
Mon Oct 13 00:19:08 UTC 2014


clone 764894 -1 -2
reassign -1 virt-viewer
retitle -1 SECURITY - automatically redirects USB devices to guests
reassign -2 spice-client-glib-usb-acl-helper
retitle -2 SECURITY - normal users are allowed full access to USB devices per default
stop


Hi Guido.

On Sun, 2014-10-12 at 19:35 +0200, Guido Günther wrote: 
> As I wrote already: jessie is already affected
Yeah I only read that in the end of your mail and added it only there :)

>  so if you care _that_
> much (which is good) please do all the work and figure out the
> affected versions (I've just done so).
Thanks a lot :)

Still, to be honest, I think one should rather prevent migration from
testing (even if it's annoying) until one knows which versions are
affected... and better have a chance to warn the users :)


> No. I mean the confer key that handles usb redirection, see
>   d81fd3c3af1abde1fa0e2bf3b79643f36836f45b
Great, thanks a lot...

> See above. This should be fixed now with redirection defaulting to off
> by default.
just tested and verified it... it no longer redirects automatically,...

But it still does in virt-viewer, so I clone the bug there.


>   /usr/share/polkit-1/actions/org.spice-space.lowlevelusbaccess.policy
Yeah,... already expected spice-client-glib-usb-acl-helper to be the
"bad guy" ;-)


> and therefore allowed for interactive users (which makes sense).
Well to be honest I think it's really dangerous what is done recently
there with polkit (even though it's not really polkit's fault itslef).

Rules for it are mostly written, so that interactive users have a lot
rights, which may sound okay on the first glance and which may work out
for *some* usage scenarios (tablets, single user desktops, etc.)...
But I think there are many valid usage scenarios which silently break
(in the security PoV) by that.

Apart from that, we've often seen bugs in polkit and/or the rules in the
past, and where these lax privileges caused even more pain and troubles
(I remember a case when polkit allowed local users to access the master
keys of dm-crypt devices o.O).


>  Feel
> free to dup this to spice an keep me on cc.
I'm cloning this now... hope that keeps you on CC.


> Thanks for raising this.
Sure... thanks for dealing with it so quickly :)



Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-libvirt-maintainers/attachments/20141013/8dad3d06/attachment-0001.bin>


More information about the Pkg-libvirt-maintainers mailing list