Bug#1120119: libvirt-daemon: data leak for new offline snapshots

Sylvain Beucler Wed, 05 Nov 2025 09:30:17 -0800

Package: libvirt-daemon
X-Debbugs-Cc: [email protected], [email protected]
Version: 11.3.0-3
Severity: grave


Dear Maintainer,

When creating snapshots for shut-down VMs, using virt-manager or virsh,e.g.:virsh snapshot-create-as --domain bookworm-oldstable --name snap1--disk-only --diskspecvda,snapshot=external,file=/var/lib/libvirt/images/myvm.snap1


then the snapshot is world-readable (644):
# ls -lh /var/lib/libvirt/images/bookworm-oldstable.snap1

-rw-r--r-- 1 root root 193K 5 nov. 17:40/var/lib/libvirt/images/myvm.snap1


by any user:
# su - nobody -s /bin/sh -c 'hd -n 8 /var/lib/libvirt/images/myvm.snap1'
00000000  51 46 49 fb 00 00 00 03                           |QFI.....|

(This doesn't happen for running VMs where permission is correctly 600.)

Such snapshots also stay world-readable after running the VM, allowingall local users to access the new data, which is a grave data leak.


Regards,
Sylvain Beucler

Bug#1120119: libvirt-daemon: data leak for new offline snapshots

Reply via email to