Old versions of both virt-edit and the guestfish "edit" command created a new file containing the changes but did not set the permissions, etc of the new file to match the old one. The result of this was that if you edited a security sensitive file such as "/etc/shadow" then it would be left world-readable after the edit.
This issue was assigned CVE-2012-2690, and is fixed in libguestfs >= 1.16. For further information, see https://bugzilla.redhat.com/show_bug.cgi?id=788642 Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into Xen guests. http://et.redhat.com/~rjones/virt-p2v _______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://www.redhat.com/mailman/listinfo/libguestfs