[Pkg-libvirt-maintainers] Bug#1120119: libvirt-daemon: data leak for new offline snapshots
Sylvain Beucler
beuc at beuc.net
Wed Nov 5 17:19:39 GMT 2025
Package: libvirt-daemon
X-Debbugs-Cc: beuc at beuc.net, security at debian.org
Version: 11.3.0-3
Severity: grave
Dear Maintainer,
When creating snapshots for shut-down VMs, using virt-manager or virsh,
e.g.:
virsh snapshot-create-as --domain bookworm-oldstable --name snap1
--disk-only --diskspec
vda,snapshot=external,file=/var/lib/libvirt/images/myvm.snap1
then the snapshot is world-readable (644):
# ls -lh /var/lib/libvirt/images/bookworm-oldstable.snap1
-rw-r--r-- 1 root root 193K 5 nov. 17:40
/var/lib/libvirt/images/myvm.snap1
by any user:
# su - nobody -s /bin/sh -c 'hd -n 8 /var/lib/libvirt/images/myvm.snap1'
00000000 51 46 49 fb 00 00 00 03 |QFI.....|
(This doesn't happen for running VMs where permission is correctly 600.)
Such snapshots also stay world-readable after running the VM, allowing
all local users to access the new data, which is a grave data leak.
Regards,
Sylvain Beucler
More information about the Pkg-libvirt-maintainers
mailing list