Actually, from a quick google perhaps ensuring all threads run after chroot / dropping privileges might be a good idea.
- http://wiki.freebsd.org/Per-Thread%20Credentials - http://www.cocoabuilder.com/archive/cocoa/33107-cthread-fork.html though it looks like you might need to put in effort into getting per- thread uid's for freebsd/macosx when they make that available, and you're assuming they're running a recent glibc. Depending on complexity, it can't hurt to ensure you're not going to hit into per-thread uid/gid's. I'm of two minds about glibc doing this. This was a particular favourite bug class of mine :) It seems that there is a linux distro which uses uclibc, which does not emulate the glibc behaviour: http://dl-4.alpinelinux.org/alpine/v2.2/main/x86/ <-- has qemu packages. we can use http://paste.pocoo.org/raw/438497/ to emulate qemu's behaviour # ./test [main] my [ug]id is 100/100 [thread] my [ug]id is 0/0 ^-- the qemu thread would be running as root running the same code under glibc (without grsecurity chroot_findtask), and it will drop privileges as you'd expect on recent glibc. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/807893 Title: qemu privilege escalation Status in QEMU: Confirmed Bug description: If qemu is started as root, with -runas, the extra groups is not dropped correctly /proc/`pidof qemu`/status .. Uid: 100 100 100 100 Gid: 100 100 100 100 FDSize: 32 Groups: 0 1 2 3 4 6 10 11 26 27 ... The fix is to add initgroups() or setgroups(1, [gid]) where appropriate to os-posix.c. The extra gid's allow read or write access to other files (such as /dev etc). Emulating the qemu code: # python ... >>> import os >>> os.setgid(100) >>> os.setuid(100) >>> os.execve("/bin/sh", [ "/bin/sh" ], os.environ) sh-4.1$ xxd /dev/sda | head -n2 0000000: eb48 9000 0000 0000 0000 0000 0000 0000 .H.............. 0000010: 0000 0000 0000 0000 0000 0000 0000 0000 ................ sh-4.1$ ls -l /dev/sda brw-rw---- 1 root disk 8, 0 Jul 8 11:54 /dev/sda sh-4.1$ id uid=100(qemu00) gid=100(users) groups=100(users),0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),26(tape),27(video) To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/807893/+subscriptions
