Il 03/01/2014 20:58, Paul Moore ha scritto:
> The PulseAudio library attempts to do a mkdir(2) and fchmod(2) on
> "/run/user/<UID>/pulse" which is currently blocked by the syscall
> filter; this patch adds the two missing syscalls to the whitelist.
> You can reproduce this problem with the following command:
>
> # qemu -monitor stdio -device intel-hda -device hda-duplex
>
> If watched under strace the following syscalls are shown:
>
> mkdir("/run/user/0/pulse", 0700)
> fchmod(11, 0700) [NOTE: 11 is the fd for /run/user/0/pulse]
Can fchmod be exploited to violate the sandbox (e.g. to let data escape
from a VM that ought not to have any way to communicate with the outside
world)?
Paolo
