On 10/12/2011 11:57 AM, Hong Xiang wrote:
[hxiang@T420 ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Workstation release 6.1 (Santiago)
[hxiang@T420 ~]$ cat /etc/openclient-release
Open Client RHEL 64 3.10 (Gold Master)
[hxiang@T420 ~]$ libvirtd --version
libvirtd (libvirt) 0.8.7
On Wed, Oct 12, 2011 at 11:57:25AM +0800, Hong Xiang wrote:
I found there's a way for an unprivileged user to overwrite sensitive
system files with virsh, here's how:
1. (as an unprivileged user) start virsh and connect to the r/w
socket of libvirtd:
virsh -c
It turned out that in my environment the user 'hxiang' I was testing
with is in group 'desktop_admin_r' and PolicyKit takes all users in that
group as administrators. That's why I could connect without authentication.
Sorry for the false alarm.
On 10/12/2011 04:22 PM, Daniel P. Berrange wrote:
I found there's a way for an unprivileged user to overwrite sensitive
system files with virsh, here's how:
1. (as an unprivileged user) start virsh and connect to the r/w socket
of libvirtd:
virsh -c qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock
2. start a guest, then issue 'save'
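
The root cause named in the follow-up above (PolicyKit treating every member of a group as an administrator) can be audited offline. The following is an added example, not part of the original thread or of libvirt/PolicyKit: it parses the `AdminIdentities` setting of the PolicyKit local authority and reports which entry makes a user an administrator. The file names, file contents, UIDs and GIDs are constructed sample data; only the group name `desktop_admin_r` and the user `hxiang` come from the thread.

```python
import configparser

# Constructed sample of /etc/polkit-1/localauthority.conf.d/*.conf contents.
# File names and values are illustrative, not taken from the reporter's system.
SAMPLE_CONF = {
    "50-localauthority.conf": "[Configuration]\nAdminIdentities=unix-user:0\n",
    "60-site-policy.conf": "[Configuration]\nAdminIdentities=unix-group:desktop_admin_r\n",
}

def admin_identities(conf_files):
    """Return the effective AdminIdentities list.

    conf_files maps file name -> file text. Files are applied in lexical
    order and a later file overrides an earlier one, following the local
    authority's documented rule.
    """
    effective = []
    for name in sorted(conf_files):
        cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
        cp.optionxform = str  # keep key case as written
        cp.read_string(conf_files[name], source=name)
        if cp.has_option("Configuration", "AdminIdentities"):
            raw = cp.get("Configuration", "AdminIdentities")
            effective = [i.strip() for i in raw.split(";") if i.strip()]
    return effective

def admin_via(user, uid, groups, identities):
    """Return the identity entry that makes `user` an administrator, or None.

    groups maps group name -> gid for every group the user belongs to.
    Entries may name the user/group or give the numeric id.
    """
    for ident in identities:
        kind, _, value = ident.partition(":")
        if kind == "unix-user" and value in (user, str(uid)):
            return ident
        if kind == "unix-group" and (value in groups or
                                     value in {str(g) for g in groups.values()}):
            return ident
    return None

if __name__ == "__main__":
    ids = admin_identities(SAMPLE_CONF)
    # Constructed account data for the user from the thread.
    print(ids, admin_via("hxiang", 500, {"hxiang": 500, "desktop_admin_r": 490}, ids))
```

On a real host, feed the function the actual files from the configuration directory and the output of `id` for the account in question.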