On 08/08/2012 05:37 AM, Eric Windisch wrote:
>
> Also notice that libguestfs is supported as an injection mechanism
> which mounts images in a separate VM, with one of the big advantages
> of that being better security.
>
>
> Are you sure about this? Reading the driver source, it appears to be using
> 'guestmount' as glue between libguestfs and FUSE. Worse, this is done as
> root. This mounts the filesystem in userspace on the host, but the userspace
> process runs as root. Because the filesystem is mounted, all reads and
> writes must also happen as root, leading to potential escalation scenarios.
>
> It does seem that libguestfs could be used securely, but it isn't.

The image is handled in a separate VM.
guestmount sets up communication with this VM.

cheers,
Pádraig.