Re: qemu-user lost its entire viability

To: Thorsten Glaser <tg@debian.org>
Cc: debian-68k@lists.debian.org, debian-superh@lists.debian.org, security@debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Subject: Re: qemu-user lost its entire viability
From: Michael Tokarev <mjt@tls.msk.ru>
Date: Sat, 23 Aug 2025 22:34:04 +0300
Message-id: <[🔎] 922d1c02-8316-40b6-ae53-7f15e1190f0b@tls.msk.ru>
In-reply-to: <[🔎] ebe17f44-462f-7c6f-c825-00e5657957a4@debian.org>
References: <aKi6IWVX2uIlGKnw@seger.debian.org> <Pine.BSM.4.64L.2508230023030.21591@herc.mirbsd.org> <6abe2750-5e2c-43a1-be57-1dc2ccabdd91@tls.msk.ru> <[🔎] 119d5858-52f4-ce1b-9ee7-9615ce2054b9@debian.org> <[🔎] b9c3de733b99cabeecff8b50a7d57fd17b29a08e.camel@physik.fu-berlin.de> <[🔎] 2890f137-20fe-452f-bacd-cef360eeb548@tls.msk.ru> <[🔎] ca288b60-409e-ebc8-e436-23675dacfd96@debian.org> <[🔎] 43467334-39dd-488b-a9a8-f79199ba8b5a@tls.msk.ru> <[🔎] ebe17f44-462f-7c6f-c825-00e5657957a4@debian.org>

On 23.08.2025 22:20, Thorsten Glaser wrote:

On Sat, 23 Aug 2025, Michael Tokarev wrote:

prompt> chroot --userspec=uname:gname /path/to/chroot /bin/sh
chroot> do something
chroot> sudo do something else


This relied on an equivalent of your /bin/sh being suid-root.


Then fix it. Make qemu-user check privilegues and drop them
where not needed. Do not cop out breaking everything for users.


As I wrote in previous email, you're free to write that part.
Before you begin, mind you: it is tricky, and it definitely is
not enough to check privs in qemu-user, it will need real
address space and credential separation with the help from
kernel.

No use cases - no matter existing or not, no matter how important
they are - warrant a huge security hole to be shipped in debian.

I don't understand why you urge to return suid-root to your


I don’t, I just fucking want the use case to continue working,
and you map this as black-and-white and general “no, fuck off,
I don’t even *try* to understand your use case and instead just
tell you to not use it”.


Once again: it does not matter how important your or anyone else's
use case is.  What you're asking is impossible to do right now,
without major rewriting of qemu-user.  It is not me who refuse
to understand your use case.  No matter how well I or you or
anyone else will understand your use case, - it wont change the
situation we're on: we relied on non-existing feature.  It is
not me who prevents you from using something which doesn't exist.
It is the fact it doesn't exist who prevents you from using it.
No matter how important your use case it or how well it is
understood.

I'd fucking want the life to be good fair.  Unfortunately it is
not to our liking sometimes.  And instead of shooting someone who
found and closed a huge security hole, you can become a bit more
cooperative or constructive and think of possible ways to solve
issues you bring in some way or another.  I do have my own share
of experience in *nix for 30+ years and can be of some help here
too, and am willing to help.  But I can't do the impossible.

If someone can rephrase this in a way which is more understandable
by Thorsten, please do.  So far I failed, it looks like.

Thanks,

/mjt

Reply to:

Follow-Ups:
- Re: qemu-user lost its entire viability
  - From: Thorsten Glaser <tg@debian.org>

References:
- qemu-user viability (was Re: [SECURITY] [DSA 5983-1] qemu security update)
  - From: Thorsten Glaser <tg@debian.org>
- Re: qemu-user viability (was Re: [SECURITY] [DSA 5983-1] qemu security update)
  - From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
- Re: qemu-user viability (was Re: [SECURITY] [DSA 5983-1] qemu security update)
  - From: Michael Tokarev <mjt@tls.msk.ru>
- Re: qemu-user viability
  - From: Thorsten Glaser <tg@debian.org>
- Re: qemu-user viability
  - From: Michael Tokarev <mjt@tls.msk.ru>
- Re: qemu-user lost its entire viability
  - From: Thorsten Glaser <tg@debian.org>

Prev by Date: Re: qemu-user lost its entire viability
Next by Date: Re: qemu-user lost its entire viability
Previous by thread: Re: qemu-user lost its entire viability
Next by thread: Re: qemu-user lost its entire viability
Index(es):
- Date
- Thread