From: Peter Krempa Date: Wed, 12 Nov 2025 16:52:05 +0000 (+0100) Subject: qemu: snapshot: Set umask for 'qemu-img' when creating external inactive snapshots X-Git-Tag: CVE-2025-13193^0 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a379327d8abcde8ac8d3e16fe5e4ba6f790d767a;p=thirdparty%2Flibvirt.git qemu: snapshot: Set umask for 'qemu-img' when creating external inactive snapshots External inactive snapshots are created by invoking 'qemu-img' which creates the file. Currently qemu-img creates image with mode 644 based on default umask as libvirt doesn't set any. Having a world-readable image is obviously wrong so set the umask to 077 to have the file readable only by the owner. Resolves: https://bugs.debian.org/1120119 Signed-off-by: Peter Krempa --- diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c index 5aa7d1b3a7..302775af92 100644 --- a/src/qemu/qemu_snapshot.c +++ b/src/qemu/qemu_snapshot.c @@ -228,6 +228,9 @@ qemuSnapshotCreateQcow2Files(virDomainDef *def, NULL))) return -1; + /* ensure that new files are only readable by the user */ + virCommandSetUmask(cmd, 0077); + /* adds cmd line arg: backing_fmt=format,backing_file=/path/to/backing/file */ virBufferAsprintf(&buf, "backing_fmt=%s,backing_file=", virStorageFileFormatTypeToString(defdisk->src->format));
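Review bot: The comment added above `virCommandSetUmask(cmd, 0077);` in qemuSnapshotCreateQcow2Files says "only readable by the user", which understates the mask and does not match the commit message's wording. A umask of 0077 clears the read, write and execute bits for both group and other, and the commit message says "owner". Something like `/* ensure that new files are accessible only by the owner */` would match what the call does. The umask also only affects files that this qemu-img invocation creates, so snapshot images already created with mode 644 keep that mode. The commit message should say so, so that administrators know existing external inactive snapshot files need their permissions tightened by hand.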