
Re: qemu-user viability (was Re: [SECURITY] [DSA 5983-1] qemu security update)



Please, everyone, tell me.

Suppose we had suid-root /bin/sh for 15 years.  We noticed this
and removed the suid bit from it, finally - because this way everyone's
system was trivially vulnerable to a trivial local root - there isn't
even an "exploit" necessary, just run /bin/sh and be root.

Now you're asking to return things back "because real life is not
a theoretical university thesis".  Should we keep /bin/sh suid-root
because some users' setups broke when we revoked the suid bit from a
binary which was never, ever, supposed to be suid?

Sure, you can rebuild your /bin/sh to make it suid (I dunno why
you want to rebuild it when there's chmod, but this is a different
question).  You're free to do it, that's your system.  This does
not mean everyone else's system should be trivially owned like we
had.

And yes, as I mentioned before, some setups might break - the ones
which relied on suid/sgid bits.  If you had a setup which relied on
/bin/sh being suid-root, it won't work anymore.  And it is not me
who should tell you how to change your setup, because I don't
know your setup.  /bin/sh is not supposed to be suid-root, and
there's no way it will be kept suid-root.

What are we talking about?  I don't understand.

Thanks,

/mjt

