I have no idea if CVE-2015-5154 that Stephan inquired about affects Proxmox.

But when I see exploits like that the first thought in my mind is how
easy it would be for such an exploit to get root on the Proxmox host.

I've done some experimenting. If I take the KVM command as generated
by Proxmox and simply add "-runas nobody" the VM starts up and runs
without a problem.

However when I try to open a console the KVM process fails.
I suspect this is just some permissions in creating the socket but have not
investigated.

A patch exists to prevent a crash when a socket cannot be opened.
https://lists.gnu.org/archive/html/qemu-devel/2015-05/msg00577.html

Any chance this security issue can be fixed before the 4.0 release?

Eric
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
