Security hole when using qemu

Asked by wbcody

Found this when installing and using qemu-2.3.0 on Ubuntu 14.04 (patched).

I have three disks in my system. I will call them hda1, hdb1, hdc1. My boot disk is hda1. I put the bits in hdc1/qemu_test and soft linked to the hda1/~/test (my home directory). So somehow, and without my permission, qemu changed my BIOS to boot disk hdc1. I note I did this without turning on any privileges.

The symptoms were when trying to boot, > grub rescue > can't find /boot/grub/i386-pc/normal.mod

It attempted to boot from the qemu image on hdc1.

What was a bitch was booting from a 'try ubuntu' cd, there is no trace of /boot/grub/i386-pc/normal.mod not being found. It is there, and its backup is there in /usr/lib tree. The /boot/grub/i386-pc the boot, i.e. grub rescue > reported what was in the qemu.img file. Setting the boot in grub rescue from (hdc,1)/boot to (hda,1) had no effect. How this can happen is puzzling.

So what happened was the boot disk was switched in the BIOS and for whatever reason, it found the qemu.img file and tried to boot from it. The solution was to change the boot order in the BIOS.

I am thinking that without elevating any privileges I can (in a multi-disk system, maybe a single disk system too) change the computer to boot from a binary that was installed without root privileges.

Please note if you have any questions, contact me at my new email. <email address hidden>

Question information

Language: English
Status: Answered
For: Ubuntu
Assignee: No assignee
actionparsnip (andrew-woodhead666) said :
#1

I suggest you report a bug. Mark it as a security bug.
