Bug 945645 (CVE-2015-5247) - VUL-0: CVE-2015-5247: libvirt: nfs root squash problems
Summary: VUL-0: CVE-2015-5247: libvirt: nfs root squash problems
Status: RESOLVED FIXED
Alias: CVE-2015-5247
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/156554/
Whiteboard: CVSSv2:RedHat:CVE-2015-5247:1.7:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-14 09:17 UTC by Marcus Meissner
Modified: 2017-08-10 14:36 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-09-14 09:17:22 UTC 
CVE-2015-5247

http://libvirt.org/git/?p=libvirt.git;a=tag;h=6c03786285a507be7d93fa6b2786fad161066954
http://libvirt.org/git/?p=libvirt.git;a=tag;h=f99b6ddb92b19ba122d112b358199cab144e0d86
http://libvirt.org/git/?p=libvirt.git;a=tag;h=40c5e56f9de6be8c11ffeeecb007f93ed3a137de
https://bugzilla.redhat.com/show_bug.cgi?id=1259350


 Commit id '155ca616' added the 'refreshVol' API. In an NFS root-squash
environment it was possible that if the just created volume from XML wasn't
properly created with the right uid/gid and/or mode, then the followup
refreshVol will fail to open the volume in order to get the allocation/
capacity values. This would leave the volume still on the server and
cause a libvirtd crash because 'voldef' would be in the pool list, but
the cleanup code would free it.

 virfile: Introduce virFileUnlink

In an NFS root-squashed environment the 'vol-delete' command will fail to
'unlink' the target volume since it was created under a different uid:gid.

This code continues the concepts introduced in virFileOpenForked and
virDirCreate[NoFork] with respect to running the unlink command under
the uid/gid of the child. Unlike the other two, don't retry on EACCES
(that's why we're here doing this now).
Comment 1 Cédric Bosdonnat 2015-09-14 09:27:55 UTC 
Working on it
Comment 5 Bernhard Wiedemann 2015-09-14 10:00:18 UTC 
This is an autogenerated message for OBS integration:
This bug (945645) was mentioned in
https://build.opensuse.org/request/show/330866 Factory / libvirt
Comment 6 James Fehlig 2015-09-15 00:51:00 UTC 
Affects libvirt 1.2.14 through 1.2.19.  For SUSE products that means Factory, SLE12 SP1, and Leap. Cedric has already taken care of the first two.
Comment 7 Bernhard Wiedemann 2015-09-15 09:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (945645) was mentioned in
https://build.opensuse.org/request/show/331002 Leap:42.1 / libvirt
Comment 8 Bernhard Wiedemann 2015-09-15 18:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (945645) was mentioned in
https://build.opensuse.org/request/show/331092 Leap:42.1 / libvirt
https://build.opensuse.org/request/show/331093 Factory / libvirt
Comment 9 Bernhard Wiedemann 2015-09-17 21:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (945645) was mentioned in
https://build.opensuse.org/request/show/331842 Leap:42.1 / libvirt
Comment 10 Cédric Bosdonnat 2015-10-05 18:26:27 UTC 
Changes have now landed in all impacted distros
Comment 11 Marcus Meissner 2015-10-07 06:32:23 UTC 
reopen and reassign to security-team for tracking
Comment 12 Swamp Workflow Management 2015-10-07 21:59:56 UTC 
bugbot adjusting priority
Comment 13 Johannes Segitz 2017-08-10 14:36:59 UTC 
fixed