On Wednesday 02 January 2013 at 01:16 +0000, Peter Maydell wrote:
> On 20 December 2012 20:56, Laurent Vivier <laur...@vivier.eu> wrote:
> > When qemu-linux-user is used in a linux container or chroot,
> > if it needs to load binaries with SUID/SGID bits, it needs to
> > have root rights to be able to change UID/GID. To do that, we
> > need to install it with SUID bits and root owner.
>
> I suspect a suid qemu binary is a big fat security hole...

This is why this feature is disabled by default and must be enabled with configure. Moreover, this is only for qemu-linux-user and the first thing done in main() is to set euid/egid to real uid/gid.

> > Then, if the SUID bit is not set on the binary to load,
> > qemu will set its UID to the saved UID (the current user ID).
> >
> > To be able to retrieve unsecure environment variables (LD_PRELOAD,
> > LD_LIBRARY_PATH) with SUID bit, we need to disable "unsetenv()".
> > Otherwise libc unsets these variables before entering in main()
>
> This is basically deliberately disabling a glibc security check.

Yes, but this security check is mainly to avoid loading an unsecure library. To avoid this too, we force the "--static" mode. This is not perfect but brings to qemu-linux-user an interesting feature.

> Needs careful thought and review (which I don't have time for
> just now I'm afraid) before this can be committed.
>
> -- PMM

-- 
"Just play. Have fun. Enjoy the game." - Michael Jordan
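The two mechanisms discussed in this message, the drop of euid/egid to the real IDs at the start of main() and the removal of LD_PRELOAD / LD_LIBRARY_PATH that the patch disables, sketched in C as an added example. It is not code from the patch or from QEMU, and the function names `drop_effective_ids` and `scrub_unsafe_env` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* The two loader variables the thread names; glibc's own list is longer. */
static const char *const unsafe_env[] = { "LD_PRELOAD", "LD_LIBRARY_PATH" };

/* Temporarily drop effective IDs to the real IDs. Group goes first: once
 * the effective UID is unprivileged, setegid() may be refused. The
 * privileged IDs remain in the saved set-IDs, so they can be regained. */
int drop_effective_ids(void)
{
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0)
        return -1;
    /* Verify the result instead of trusting the return codes alone. */
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

/* Remove the loader variables from the environment, as libc does for a
 * set-id process before main(). Returns how many were present. */
int scrub_unsafe_env(void)
{
    int removed = 0;
    for (size_t i = 0; i < sizeof unsafe_env / sizeof unsafe_env[0]; i++) {
        if (getenv(unsafe_env[i]) != NULL && unsetenv(unsafe_env[i]) == 0)
            removed++;
    }
    return removed;
}

int main(void)
{
    if (drop_effective_ids() != 0) {
        perror("drop_effective_ids");
        return EXIT_FAILURE;
    }
    printf("euid=%ld egid=%ld, removed %d loader variable(s)\n",
           (long)geteuid(), (long)getegid(), scrub_unsafe_env());
    return EXIT_SUCCESS;
}
```

Because seteuid()/setegid() leave the saved set-IDs untouched, this drop is reversible by any code running in the process; a permanent drop needs setuid()/setgid() from the privileged state instead.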