On 20 December 2012 20:56, Laurent Vivier <laur...@vivier.eu> wrote: > When qemu-linux-user is used in a linux container or chroot, > if it needs to load binaries with SUID/SGID bits, it needs to > have root rights to be able to change UID/GID. To do that, we > need to install it with SUID bits and root owner.
I suspect a suid qemu binary is a big fat security hole... > Then, if the SUID bit is not set on the binary to load, > qemu will set its UID to the saved UID (the current user ID). > > To be able to retrieve unsecure environment variables (LD_PRELOAD, > LD_LIBRARY_PATH) with SUID bit, we need to disable "unsetenv()". > Otherwise libc unsets these variables before entering in main() This is basically deliberately disabling a glibc security check. Needs careful thought and review (which I don't have time for just now I'm afraid) before this can be committed. -- PMM
