similar to: ANNOUNCE: CVE-2013-4419: insecure temporary directory handling for guestfish's network socket

Package: xen-utils-3.0.3-1 Version: 3.0.3-0-3 Severity: grave Tags: security Justification: user security hole Xen versions 3.x, and 3.1 contain a tool for processing Xen trace buffer information. This tool uses the static file /tmp/xenq-shm insecurely allowing a local user to truncate any local file when xenbaked or xenmon.py are invoked by root. Sample session: # setup. skx

Old versions of both virt-edit and the guestfish "edit" command created a new file containing the changes but did not set the permissions, etc of the new file to match the old one. The result of this was that if you edited a security sensitive file such as "/etc/shadow" then it would be left world-readable after the edit. This issue was assigned CVE-2012-2690, and is fixed in

libguestfs is a library and a set of tools for reading, writing, managing, inspecting, rescuing, resizing and aligning disk images, and offline and live virtual machines. I'm pleased to announce the release of libguestfs 1.14, the next stable release of libguestfs. There are many changes and new features in this release -- see below. You can get source and binaries from the website:

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated sgml-tools packages fix insecure temporary file handling Advisory ID: RHSA-2001:027-02 Issue date: 2001-03-09 Updated on: 2001-03-14 Product: Red Hat Linux Keywords: sgml-tools /tmp tempfile Cross

Signed-off-by: Hu Tao <hutao@cn.fujitsu.com> --- builder/website/debian.preseed | 2 +- builder/website/index | 120 +++++----- builder/website/index.asc | 120 +++++----- customize/customize_run.mli | 2 +- daemon/mount.c | 2 +- fish/test-file-attrs.sh | 10 +- generator/c.ml | 2 +- guestfs-release-notes.txt | 520

These two patches implement the first (and hardest) part of the fix for CVE-2010-3851. This adds a way to specify the format when adding a drive, avoiding qemu's auto-detection. In order to avoid an explosion of different add_drive_* functions (we have 4 already), we have implemented a way to specify optional arguments to functions, so all we need is a single new 'add_drive_opts'

1/8 generator: Rearrange argt logically (RHBZ#642934,CVE-2010-3851). 2/8 generator: Optional arguments, add-drive-opts (RHBZ#642934,CVE-2010-3851). These two previously posted. 3/8 fish: Specify format of disks (RHBZ#642934,CVE-2010-3851). Updates to guestfish to add the --format option and to make -d copy the format from libvirt. 4/8 fuse: Specify format of disks (RHBZ#642934,CVE-2010-3851).

Also fix two tests which assumed that you could add a non-existent socket. --- fish/test-add-uri.sh | 16 ++++++++++++---- lib/drives.c | 14 +++++++++++++- tests/disks/test-qemu-drive.sh | 19 ++++++++++++++----- 3 files changed, 39 insertions(+), 10 deletions(-) diff --git a/fish/test-add-uri.sh b/fish/test-add-uri.sh index 756df997b..cb4d40199 100755 ---

On Fri, Sep 01, 2017 at 06:21:38PM -0400, Amye Scavarda wrote: > On Fri, Sep 1, 2017 at 9:42 AM, Michael Scherer <mscherer at redhat.com> wrote: > > Le vendredi 01 septembre 2017 ? 14:02 +0100, Michael Scherer a ?crit : > >> Le mercredi 30 ao?t 2017 ? 12:11 +0530, Nigel Babu a ?crit : > >> > Hello, > >> > > >> > To reduce confusion,

On Fri, Sep 1, 2017 at 9:42 AM, Michael Scherer <mscherer at redhat.com> wrote: > Le vendredi 01 septembre 2017 ? 14:02 +0100, Michael Scherer a ?crit : >> Le mercredi 30 ao?t 2017 ? 12:11 +0530, Nigel Babu a ?crit : >> > Hello, >> > >> > To reduce confusion, we've setup docs.gluster.org pointing to >> > gluster.readthedocs.org. Both URLs will

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: man package''s ''makewhatis'' uses insecure handling of files in /tmp Advisory ID: RHSA-2000:041-02 Issue date: 2000-07-03 Updated on: 2000-07-03 Product: Red Hat Linux Keywords: man /tmp

The isdnlog program (provided by isdn4k-utils.tar.gz) creates a root-owned temp file called /tmp/isdnctrl (or /tmp/isdnctrl0) and no checking for symbolic links is done. The file is opened append only, a user can make a symbolic from /tmp/isdnctrl to any file and mess things up. example: ln -s /var/spool/mail/root /tmp/isdnctrl -- dentoir Fart Foundation Security through immaturity

-----BEGIN PGP SIGNED MESSAGE----- With the recent remote root Wu-ftpd exploit based upon incorrect format string handling (processing user-supplied data as format strings), I've taken to scanning any code with elevated permissions for similar problems. I found one in the portable version of OpenSSH. Its only outputting messages passed back by PAM, I think, so I don't think its

guestfish --ro -a /path/to/disk run : mount /dev/your-blkdev / : download /etc/resolv.conf /path/on/host/dst.file Is also not working for symbolic link - as "/etc/resolv.conf" is symbolic link. ________________________________ From: Nikolay Ivanets <stenavin@gmail.com> Sent: Friday, June 28, 2019 11:34 AM To: Chintan Patel Cc: Chintan Patel; libguestfs@redhat.com Subject: Re:

guestfish --listen necessarily redirects its stdout to /dev/null so as not to interfere with eval. The remote protocol doesn't contain any other provision for collecting stdout for the caller, so executing guestfish --remote will never generate any output. This patch fixes that by forwarding the caller's STDOUT to the listener over the unix socket connection. The listener redirects its

Le vendredi 01 septembre 2017 ? 14:02 +0100, Michael Scherer a ?crit?: > Le mercredi 30 ao?t 2017 ? 12:11 +0530, Nigel Babu a ?crit?: > > Hello, > > > > To reduce confusion, we've setup docs.gluster.org pointing to > > gluster.readthedocs.org. Both URLs will continue to work for the > > forseeable > > future. > > > > Please update any

On Mon, Jan 20, 2014 at 04:39:42PM +0100, Olaf Hering wrote: > > Is "luks-format" supposed to work with guestfish? Like guestfish <<EOF > luks-format /dev/sda4 0 > EOF > > Appearently it lacks an option to give the passphrase programmatically. > Was this option skipped on purpose? The underlying API takes a passphrase parameter, ie:

In 1.11.1 / git, I have made some changes to the way that you run guestfish, guestmount and the virt tools from the build directory without installing. Firstly you can't just run ./fish/guestfish or ./fuse/guestmount any more and have those programs magically set LIBGUESTFS_PATH. The automagic code was always error-prone and I have removed it. Secondly, all of the run-*-local scripts have

All API is exposed as gustfish commands -- Mykola Ivanets пт, 28 черв. 2019, 21:28 користувач Chintan Patel < chintan.r.patel@outlook.com> пише: > This no going to work. > AS I told you I need something under guestfish command list not from > guestfs commands. > > Thanks, > Chintan > ------------------------------ > *From:* Nikolay Ivanets

Hi,all,i build qemu-kvm1.0.93 from source code on centos6.2 , # qemu-system-x86_64 --version QEMU emulator version 1.0.93 (qemu-kvm-devel), Copyright (c) 2003-2008 Fabrice Bellard and the guestfish's version: # guestfish --version guestfish 1.7.17 but when i use the guestfish command to upload a file to a vm,it does not work , # guestfish --rw -i -d centosvm upload /test/ifcfg-eth0_centos