[Pkg-xen-devel] Bug#490409: Bug#490409: Bug#490409: CVE-2008-2004: privilege escalation

Ian Jackson Ian.Jackson at eu.citrix.com
Thu Sep 11 16:49:02 UTC 2008


Bastian Blank writes ("[Pkg-xen-devel] Bug#490409: Bug#490409: CVE-2008-2004: privilege escalation"):
> A bug in a known-problematic subsystem does not make the whole package
> unusable.

The HVM emulation is `known-problematic' ?  I know that qemu's
security record is not spotless but I don't think that means we should
ignore or even downgrade these kinds of security bugs.

This particular bug is more severe than it looks because it can allow
a guest to escape even if the host admin didn't intend to use any of
the COW features.

I (with my Xen-upstream-qemu-wrestler hat on) made a number of changes
to our various qemu branches to fix this.  I would strongly suggest
that Debian (and other distros) should take the relevant changes and
make them available to their users as a matter of urgency.

Best would be for Debian to take the fixes that we put into the Xen
3.2 branch ourselves.  There are other important changes in our
xen-3.2-testing branch, which is the stable maintenance branch, and it
would probably be wise for Debian to consider releasing a Xen in lenny
based on that series.

If Debian doesn't want to take all of the fixes from our Xen 3.2
stable bugfix branch, then at the very least the following should be
cherry-picked:

changeset:   16986:f9fe280cbe5e
user:        Keir Fraser <keir.fraser at citrix.com>
date:        Thu Sep 11 16:01:59 2008 +0100
summary:     ioemu: Fix bug in map cache

changeset:   16942:df2af4150d76
user:        Keir Fraser <keir.fraser at citrix.com>
date:        Fri Jun 27 17:00:59 2008 +0100
summary:     ioemu: Fix usbdevice parameter to encode vbd type.

changeset:   16940:faa782670156
user:        Keir Fraser <keir.fraser at citrix.com>
date:        Fri Jun 27 16:59:50 2008 +0100
summary:     ioemu: Disable format auto-probing in monitor command change

changeset:   16917:a38f0a4f501d
user:        Keir Fraser <keir.fraser at citrix.com>
date:        Wed May 28 16:31:45 2008 +0100
summary:     ioemu: Force floppy disk images to be interpreted as raw.

changeset:   16907:0016f5a1dd5a
user:        Keir Fraser <keir.fraser at citrix.com>
date:        Thu May 15 15:11:29 2008 +0100
summary:     ioemu: Do not try to guess backing file format when using qcow vbds.

changeset:   16899:5824167feb81
user:        Keir Fraser <keir.fraser at citrix.com>
date:        Wed May 14 09:12:27 2008 +0100
summary:     ioemu: Fix handling of phy: block devices.

changeset:   16894:80730d294e51
user:        Keir Fraser <keir.fraser at citrix.com>
date:        Tue May 13 15:19:47 2008 +0100
summary:     ioemu: fix disk format security vulnerability

Ian.




