[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2020-35517 QEMU: virtiofsd: potential privileged host device access from gues
From: P J P <ppandit () redhat ! com>
Date: 2021-01-22 11:34:19
Message-ID: osro0op-5878-q9n9-55r2-9021propo6n3 () erqung ! pbz
[Download RAW message or body]
+-- On Fri, 22 Jan 2021, Daniel Walsh wrote --+
| Did SELinux block this flaw?
* Not sure if there's a SELinux policy to block it. Didn't have a reproducer
handy.
| Seems virtiofsd should be running without CAP_MKNOD by default.
* Yes, there's an issue for nodev
-> https://gitlab.com/virtio-fs/qemu/-/issues/24
virtiofsd(1) also supports '-o modcaps=-mknod' option, it's not default
though.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic