oss-sec mailing list archives
CVE request -- libguestfs: virt-edit doesn't preserve file permissions
From: Petr Matousek <pmatouse () redhat com>
Date: Mon, 11 Jun 2012 18:21:19 +0200
Description of the problem: virt-edit creates a new file when it is used and thus does not preserve file permissions, file owner and SELinux context on the files that it was editing. As a consequence, if certain security-sensitive files in the guest were edited using virt-edit, they would become world-readable. Proposed upstream patch: https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html References: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html https://bugzilla.redhat.com/show_bug.cgi?id=788642 Thanks, -- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE request -- libguestfs: virt-edit doesn't preserve file permissions Petr Matousek (Jun 11)
- Re: CVE request -- libguestfs: virt-edit doesn't preserve file permissions Kurt Seifried (Jun 11)