Ubuntu
libvirt package

libvirt runs dnsmasq as user nobody

Bug #938255 reported by Steve Beattie
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
Fix Released
High
Serge Hallyn

Bug Description

libvirt uses dnsmasq to provide dns services to the guest vms; however, it starts dnsmasq under user nobody:

  $ ps auwwx | grep dnsmasq
  nobody 2117 0.0 0.0 25956 940 ? S 14:31 0:00 /usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file= --except-interface lo --listen-address 192.168.122.1 --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/default.leases --dhcp-lease-max=253 --dhcp-no-override

Generally it's bad form from a security perspective to run daemons as user nobody because a vulnerability in one daemon will possibly allow it, when compromised, to interfere with another daemon that is also running as nobody. The preferred solution is to run it as a service-specific system user. In this case, because there may be multiple dnsmasq daemons running, a separate libvirt-dnsmasq user (the dnsmasq package itself runs the dnsmasq daemon under a system user called unsurprisingly 'dnsmasq').

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libvirt-bin 0.9.8-2ubuntu10
ProcVersionSignature: Ubuntu 3.2.0-12.20-generic 3.2.2
Uname: Linux 3.2.0-12-generic x86_64
ApportVersion: 1.92-0ubuntu1
Architecture: amd64
Date: Tue Feb 21 14:49:49 2012
InstallationMedia: Ubuntu-Server 10.04 "Lucid Lynx" - Alpha amd64 (20100330)
ProcEnviron:
 TERM=screen
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=bash
SourcePackage: libvirt
UpgradeStatus: Upgraded to precise on 2012-01-18 (34 days ago)

Related branches

lp:ubuntu/precise/libvirt
Revision history for this message
Steve Beattie (sbeattie) wrote :
Serge Hallyn (serge-hallyn)
Changed in libvirt (Ubuntu):
status: New → Confirmed
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thanks, Steve. Could you please set the priority of this bug as you see it?

Also if you think there would be worthwhile security benefits to switching libvirt and lxc to modifying the host's main dnsmasq instance (as per bug 925511) please let me know as it would obviate the need for this bug if we did that with an FFE.

Serge Hallyn (serge-hallyn)
Changed in libvirt (Ubuntu):
importance: Undecided → High
assignee: nobody → Serge Hallyn (serge-hallyn)
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Fix is committed to lp:ubuntu/libvirt (and lp:~serge-hallyn/ubuntu/precise/libvirt/libvirt-dnsmasq). I'll push it to the archive when betafreeze is over.

Changed in libvirt (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 0.9.8-2ubuntu11

---------------
libvirt (0.9.8-2ubuntu11) precise; urgency=low

  [ Serge Hallyn ]
  * run dnsmasq as a new libvirt-dnsmasq user (LP: #938255)
    - ubuntu/dnsmasq-as-priv-user: add '-u libvirt-dnsmasq' to dnsmasq args
    - debian/libvirt-bin.postinst: create libvirt-dnsmasq user
    - tests/networkxml2argvdata/*.argv: update expected dnsmasq command lines
      to include '-u libvirt-dnsmasq'.

  [ Chuck Short ]
  * cherry-pick rewrite-lxc-controller-eof-handling-yet-again (commit
    9130396214975ba2251082f943c9717281039050) from upstream.
 -- Serge Hallyn <email address hidden> Fri, 02 Mar 2012 08:49:41 -0600

Changed in libvirt (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.