[Bug 231480] sysutils/grub2-bhyve: "(host)" filesystem is a potential security issue
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Mar 30 23:45:46 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231480
Conrad Meyer <cem at freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|cem at freebsd.org |ports-bugs at FreeBSD.org
--- Comment #5 from Conrad Meyer <cem at freebsd.org> ---
The github PR has been merged, so (host) is now read-only and access limited to
the unprivileged 'nobody' user. That (?)might be sufficient to resolve this
bug as-reported, since most secrets will not be readable by user 'nobody'.
That said, the guest should not have arbitrary 'nobody'-level read access to
the host filesystem anyway, so it's still a privilege escalation that needs
fixed.
Adding chroot()+chdir() (both are essential!) in the non-'-r host' case is
pretty trivial, if someone wants to tackle that. I can help provide pointers
but I think I'm done with grub-bhyve work myself for the time being.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list