Your message dated Sun, 12 Oct 2014 17:49:14 +0000
with message-id <e1xdngc-0000ur...@franck.debian.org>
and subject line Bug#764894: fixed in virt-manager 1:1.0.1-3
has caused the Debian Bug report #764894,
regarding virt-manager: USB devices are generally redirected to VMs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
764894: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764894
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: virt-manager
Version: 1:1.0.1-2.1
Severity: critical
Tags: security
Justification: root security hole


Hi.

Not sure whether the problem here is actually in virt-manager, libvirt
or spice-client-glib-usb-acl-helper.
So please redirect as necessary.


I've just noted a very serious behaviour (which is also why I marked
it as critical and root security hole):

It seems that when plugging a USB device into my computer where
I run virtmanager and where I'm connected to some VMs via SPICE,
such USB devices are forwarded to that VM. o.O

I wonder how it chooses to which the device is redirected if there
are more VMs connected.


Now SPICE seems to be the default for newly created VMs via libvirt
and the SPICE USB Redirector devices are created per default as well.
Also this isn't like the "USB Host Device" hardware in
virtmanager/libvirt/qemu, where one at least has to select *which*
USB device is connected.


Now since VMs are often used by people as kind of jails, e.g. running
untrustworthy OSes or programs in it, or since the VM may be just on
any remote server (from work or wherever), redirecting USB devices
without asking is IMHO a great security hole.
The USB device could contain just anything, my most recent hard disk
backup (and thus root passwords, dmcrypt keys etc.) or my private
picture collection.


The 2nd critical security aspect of this:
A normal user(!) is apparently allowed to redirect a hardware device.
Not sure whether this is the typical policykit problem that locally
logged in users are handled as if they were root... but hell, one
cannot simply give normal users full access to USB devices if root
hasn't manually allowed them.


Cheers,
Chris



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.utf8, LC_CTYPE=en_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages virt-manager depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.22.0-1
ii  gconf2                                       3.2.6-3
ii  gir1.2-gtk-3.0                               3.14.1-1
ii  gir1.2-gtk-vnc-2.0                           0.5.3-1.2
ii  gir1.2-libvirt-glib-1.0                      0.1.7-2.1
ii  gir1.2-spice-client-gtk-3.0                  0.25-1
ii  gir1.2-vte-2.90                              1:0.36.3-1
ii  librsvg2-common                              2.40.4-1
ii  python-dbus                                  1.2.0-2+b3
ii  python-gi                                    3.14.0-1
ii  python-gi-cairo                              3.14.0-1
ii  python-ipaddr                                2.1.11-2
ii  python-libvirt                               1.2.8-1
ii  python-urlgrabber                            3.9.1-4
pn  python2.7:any                                <none>
pn  python:any                                   <none>
ii  virtinst                                     1:1.0.1-2.1

Versions of packages virt-manager recommends:
ii  gnome-icon-theme         3.12.0-1
ii  libvirt-daemon           1.2.9-2
ii  python-spice-client-gtk  0.25-1

Versions of packages virt-manager suggests:
ii  gnome-keyring        3.14.0-1
ii  python-gnomekeyring  2.32.0+dfsg-3
pn  python-guestfs       <none>
pn  ssh-askpass          <none>
pn  virt-viewer          <none>

-- no debconf information

--- End Message ---
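The report above is about guests that carry SPICE USB redirection channels by default, so that a device plugged into the client host can end up inside a VM. An administrator's first question is which existing guests are still configured that way. The following is an added example (it is not code from the bug report, from virt-manager or from libvirt) that audits libvirt domain XML, the format printed by `virsh dumpxml <domain>`, for `<redirdev bus='usb'>` channels and for a `<redirfilter>` whose rules deny every device. The three domain documents embedded in it and their guest names are constructed for illustration.

```python
# Added example (not code from the bug report, virt-manager or libvirt):
# audit libvirt domain XML for SPICE USB redirection channels.
import xml.etree.ElementTree as ET

# Constructed sample: a SPICE guest with two usbredir channels and no filter,
# i.e. the default layout the bug report complains about.
OPEN_DOMAIN_XML = """<domain type='kvm'>
  <name>sandbox-open</name>
  <devices>
    <graphics type='spice' autoport='yes'/>
    <redirdev bus='usb' type='spicevmc'/>
    <redirdev bus='usb' type='spicevmc'/>
  </devices>
</domain>"""

# Constructed sample: same guest, but with a <redirfilter> that denies every device.
FILTERED_DOMAIN_XML = """<domain type='kvm'>
  <name>sandbox-filtered</name>
  <devices>
    <graphics type='spice' autoport='yes'/>
    <redirdev bus='usb' type='spicevmc'/>
    <redirfilter>
      <usbdev allow='no'/>
    </redirfilter>
  </devices>
</domain>"""

# Constructed sample: guest with the redirection channels removed entirely.
NO_REDIR_DOMAIN_XML = """<domain type='kvm'>
  <name>sandbox-noredir</name>
  <devices>
    <graphics type='spice' autoport='yes'/>
  </devices>
</domain>"""


def audit_usb_redirection(domain_xml):
    """Describe whether USB redirection into this guest is possible.

    Redirection needs a SPICE display plus at least one <redirdev bus='usb'>
    channel, and is blocked when every <redirfilter> rule is allow='no'.
    """
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="<unnamed>")
    devices = root.find("devices")
    if devices is None:
        graphics, redirdevs, rules = [], [], []
    else:
        graphics = devices.findall("graphics")
        redirdevs = devices.findall("redirdev")
        filt = devices.find("redirfilter")
        rules = [] if filt is None else filt.findall("usbdev")
    has_spice = any(g.get("type") == "spice" for g in graphics)
    usb_channels = sum(1 for d in redirdevs if d.get("bus") == "usb")
    # A filter whose rules are all allow='no' lets nothing through.
    deny_all = bool(rules) and all(r.get("allow") == "no" for r in rules)
    return {
        "name": name,
        "spice": has_spice,
        "usb_redir_channels": usb_channels,
        "deny_all_filter": deny_all,
        "redirection_possible": has_spice and usb_channels > 0 and not deny_all,
    }


def guests_accepting_usb_redirection(domain_xmls):
    """Names of the guests (domain XML strings) that can still receive redirected USB devices."""
    return [r["name"] for r in map(audit_usb_redirection, domain_xmls)
            if r["redirection_possible"]]


if __name__ == "__main__":
    # On a real host, feed in the output of `virsh dumpxml` for each domain instead.
    for xml_text in (OPEN_DOMAIN_XML, FILTERED_DOMAIN_XML, NO_REDIR_DOMAIN_XML):
        print(audit_usb_redirection(xml_text))
```

The guest-side `<redirfilter>` is a libvirt restriction on what the guest will accept; it limits the damage but does not change what the client does when a device is plugged in, which is the default the 1:1.0.1-3 changelog entry addresses. Removing the `<redirdev>` entries altogether, as the third sample does, is the configuration the audit treats as safe.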
--- Begin Message ---
Source: virt-manager
Source-Version: 1:1.0.1-3

We believe that the bug you reported is fixed in the latest version of
virt-manager, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 764...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <a...@sigxcpu.org> (supplier of updated virt-manager package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 12 Oct 2014 19:30:57 +0200
Source: virt-manager
Binary: virt-manager virtinst
Architecture: source all
Version: 1:1.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintain...@lists.alioth.debian.org>
Changed-By: Guido Günther <a...@sigxcpu.org>
Description:
 virt-manager - desktop application for managing virtual machines
 virtinst   - Programs to create and clone virtual machines
Closes: 764880 764894
Changes:
 virt-manager (1:1.0.1-3) unstable; urgency=medium
 .
   * [da12f60] details: Fix changing graphics type (bz 1083903)
     (Closes: #764880)
   * [d81fd3c] Don't enable usb redirection into the guest by default
     (Closes: #764894)
Checksums-Sha1:
 de213b8aacecc5fa64d62b6ace34e27341910511 2075 virt-manager_1.0.1-3.dsc
 8260f8c69bf813856e2919c7e19a2be494dd65fd 13884 virt-manager_1.0.1-3.debian.tar.xz
 7510541b4744fc17e0970fcef89a95b76a004ff9 881064 virt-manager_1.0.1-3_all.deb
 bbe3eb068c52899d2df430e7f4a299e33a3af2c0 163834 virtinst_1.0.1-3_all.deb
Checksums-Sha256:
 81ee5cd20ac53e0bcfd7f9f1d409f9b0d98468e5cbd53e7db585a2e07a6993bb 2075 virt-manager_1.0.1-3.dsc
 978651452016747133bf794488dd31d730bb371f42a20815a23f9c83b5cf27e5 13884 virt-manager_1.0.1-3.debian.tar.xz
 34402014c3786f6da10d2cb4f92eaff60870b0ee7f25654093f8f31ae74ff9b5 881064 virt-manager_1.0.1-3_all.deb
 9228497b1df56fc8c6f0f783dedd84f7d2b9ee99d4ddf40e277baf05a1b00282 163834 virtinst_1.0.1-3_all.deb
Files:
 ac717c34928bc676753eb808d710aa9e 2075 admin optional virt-manager_1.0.1-3.dsc
 7d57e28daffc433d62017999115b9d47 13884 admin optional virt-manager_1.0.1-3.debian.tar.xz
 b4a11bd0c348937dc9ecd6ac5b15cbe4 881064 admin optional virt-manager_1.0.1-3_all.deb
 fdcb8f9538381f02dc015cbf583d1059 163834 admin optional virtinst_1.0.1-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---