
List:       oss-security
Subject:    Re: [oss-security] CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from gues
From:       P J P <ppandit () redhat ! com>
Date:       2021-01-22 11:34:19
Message-ID: osro0op-5878-q9n9-55r2-9021propo6n3 () erqung ! pbz

+-- On Fri, 22 Jan 2021, Daniel Walsh wrote --+
| Did SELinux block this flaw?

* Not sure if there's a SELinux policy to block it. Didn't have a reproducer 
  handy.

| Seems virtiofsd should be running without CAP_MKNOD by default.

* Yes, there's an issue for nodev
    -> https://gitlab.com/virtio-fs/qemu/-/issues/24

  virtiofsd(1) also supports '-o modcaps=-mknod' option, it's not default 
  though.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
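
Added example, not part of the message above and not QEMU project code: a check of whether a running process (for instance virtiofsd started with or without '-o modcaps=-mknod') still holds CAP_MKNOD, read from the Cap* lines of /proc/<pid>/status. The two status excerpts are constructed sample values, and the function names are illustrative.

```python
import re
import sys

CAP_MKNOD = 27  # bit index of CAP_MKNOD in <linux/capability.h>
CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", re.M)

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
SAMPLE_WITH_MKNOD = (
    "Name:\tvirtiofsd\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000880000df\n"
    "CapEff:\t00000000880000df\n"
    "CapBnd:\t00000000880000df\n"
    "CapAmb:\t0000000000000000\n"
)
SAMPLE_WITHOUT_MKNOD = SAMPLE_WITH_MKNOD.replace("880000df", "800000df")


def parse_caps(status_text):
    """Return {field: bitmask} for the Cap* lines of a /proc/<pid>/status text."""
    return {name: int(mask, 16) for name, mask in CAP_LINE.findall(status_text)}


def sets_with_mknod(status_text):
    """List the capability sets in which CAP_MKNOD is present."""
    caps = parse_caps(status_text)
    if "CapEff" not in caps:
        raise ValueError("no CapEff line: not a /proc/<pid>/status text")
    return sorted(name for name, mask in caps.items() if mask >> CAP_MKNOD & 1)


if __name__ == "__main__":
    # Usage: pass the PID of the daemon; with no argument, the samples are used.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/status") as fh:
            texts = {sys.argv[1]: fh.read()}
    else:
        texts = {"with": SAMPLE_WITH_MKNOD, "without": SAMPLE_WITHOUT_MKNOD}
    for label, text in texts.items():
        found = sets_with_mknod(text)
        print(label, "CAP_MKNOD in:", ", ".join(found) or "none")
```

An empty result for the daemon's PID means CAP_MKNOD is absent from every set, including the bounding set.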
