Security hole when using qemu
Found this when installing and using qemu-2.3.0 Ubuntu 14.04 (patched)
I have three disks in my systems. I will call them hda1, hdb1, hdc1. My boot disk is hda1. I put the bits in hdc1/qemu_test and soft linked to the hda1/~/test (my home directory). So somehow, and without my permission, qemu changed my bios to boot disk hdc1. I note I did this without turning on any privileges.
The symptoms were when trying to boot, > grub rescue > can't find /boot/grub/
It attempted to boot from the qemu image on hdc1.
What was a bitch was booting from a 'try ubuntu' cd, there is no trace of /boot/grub/
So what happened was the boot disk was switched in the bios and for what ever reason, it found the qemu.img file and tried to boot from it. The solution was to change the boot order in the bios.
I am thinking what without elevating any privileges I can (in a multi-disk system, maybe a single disk system too) change the the computer to boot from a binary that was install without root privileges.
Please note if you have any questions, contact me at my new email. <email address hidden>
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask wbcody for more information if necessary.