qemu-devel

Re: [Qemu-devel] [PATCH 1/1] linux-user: Handle /proc/self/exe in syscal


From: Olivier Dion
Subject: Re: [Qemu-devel] [PATCH 1/1] linux-user: Handle /proc/self/exe in syscall execve
Date: Mon, 02 Sep 2019 13:36:56 -0400

On 2019-08-23T12:58:43-0400, Laurent Vivier <address@hidden> wrote:

> On 07/08/2019 at 15:54, address@hidden wrote:
> > From: Olivier Dion <address@hidden>
> >
> > If not handled, QEMU will execve itself instead of the emulated
> > process.  This could result in potential security risk.
> >

> Could you explain what you mean by potential security risk?

I don't have any exploit in mind, but someone motivated enough could
certainly find one.  For example, it's possible to ask qemu static to
execute another program.

The main point is that an emulator should never leak information to its
environment.  If the emulated program can determine that it is being
emulated, other than by an "official" way, then the emulator is at
fault.

-- 
Olivier Dion
Polymtl


