Redis port vulnerability in subprocess qemu-system-aarch64

[genman]

qemu-system-aarch64 creates a port 6379 that is bound to all interfaces, among other ports. The port 6379 for REDIS which is accessible without authentication.

https://support.genymotion.com/hc/en-us/articles/360002732118-Genymotion-Desktop-and-firewalls

For running Genymotion, can you please bind the ports to the local interface only?

Command for reference:
#➜ qemu-system-aarch64 --device ac97,audiodev=snd0 -M virt -accel hvf -audiodev coreaudio,id=snd0,out.frequency=48000 -bios /Applications/Genymotion.app/Contents/MacOS/qemu/arm64/share/qemu/QEMU_EFI.fd -cpu host -device virtio-rng-pci -drive file=/Users/elias_ross/.Genymobile/Genymotion/deployed/Google Pixel/system.qcow2,format=qcow2,if=virtio -drive file=/Users/elias_ross/.Genymobile/Genymotion/deployed/Google Pixel/data.qcow2,format=qcow2,if=virtio -drive format=vvfat,label=shared,file=fat:ro:/Users/elias_ross/.Genymobile/Genymotion/deployed/Google Pixel/shared,if=virtio -m 4096M -nic user,id=net0,model=virtio-net-pci,net=10.0.2.0/24,hostfwd=tcp::6555-:5555,hostfwd=tcp::6379-:6379,hostfwd=tcp::22468-:22468,hostfwd=tcp::24297-:24297,hostfwd=tcp::24296-:24296,hostfwd=tcp::24800-:24800,hostfwd=tcp::24810-:24810,hostfwd=tcp::25000-:25000 -nic user,id=net1,model=virtio-net-pci,net=10.0.3.0/24 -nodefaults -nographic -object iothread,id=disk-iothread -qmp tcp:localhost:23555,server,nowait -smp 4

This is a blocker for running Genymotion using my corporate network.

[agavignet]

Hi @genman,

Thanks for your valuable feedback, we will fix it in the next Genymotion Desktop version.

As it is a blocker for you, I'm sharing with you an undocumented workaround that you can try with no guarantee of success.

TLDR;

Try to set the env var GM_QEMU_START_ARGS with the following value, then if you start Genymotion, the QEMU argument should be partly overriden:

-nic[0]=user,id=net0,model=virtio-net-pci,net=10.0.2.0/24,hostfwd=tcp:127.0.0.1:6555-:5555,hostfwd=tcp:127.0.0.1:6379-:6379,hostfwd=tcp:127.0.0.1:22468-:22468,hostfwd=tcp:127.0.0.1:24297-:24297,hostfwd=tcp:127.0.0.1:24296-:24296,hostfwd=tcp:127.0.0.1:24800-:24800,hostfwd=tcp:127.0.0.1:24810-:24810,hostfwd=tcp:127.0.0.1:25000-:25000

👇 Explanation

In the process command you see two -nic argument, the first one is the one you want to change.

-nic user,id=net0,model=virtio-net-pci,net=10.0.2.0/24,hostfwd=tcp::6555-:5555,hostfwd=tcp::6379-:6379,hostfwd=tcp::22468-:22468,hostfwd=tcp::24297-:24297,hostfwd=tcp::24296-:24296,hostfwd=tcp::24800-:24800,hostfwd=tcp::24810-:24810,hostfwd=tcp::25000-:25000

Using a sed command to add 127.0.0.1 interface.

echo "-nic user,id=net0,model=virtio-net-pci,net=10.0.2.0/24,hostfwd=tcp::6555-:5555,hostfwd=tcp::6379-:6379,hostfwd=tcp::22468-:22468,hostfwd=tcp::24297-:24297,hostfwd=tcp::24296-:24296,hostfwd=tcp::24800-:24800,hostfwd=tcp::24810-:24810,hostfwd=tcp::25000-:25000" | sed 's/::/:127.0.0.1:/g'

The result is:

-nic user,id=net0,model=virtio-net-pci,net=10.0.2.0/24,hostfwd=tcp:127.0.0.1:6555-:5555,hostfwd=tcp:127.0.0.1:6379-:6379,hostfwd=tcp:127.0.0.1:22468-:22468,hostfwd=tcp:127.0.0.1:24297-:24297,hostfwd=tcp:127.0.0.1:24296-:24296,hostfwd=tcp:127.0.0.1:24800-:24800,hostfwd=tcp:127.0.0.1:24810-:24810,hostfwd=tcp:127.0.0.1:25000-:25000

The value of the env var GM_QEMU_START_ARGS should be:

-nic[0]=user,id=net0,model=virtio-net-pci,net=10.0.2.0/24,hostfwd=tcp:127.0.0.1:6555-:5555,hostfwd=tcp:127.0.0.1:6379-:6379,hostfwd=tcp:127.0.0.1:22468-:22468,hostfwd=tcp:127.0.0.1:24297-:24297,hostfwd=tcp:127.0.0.1:24296-:24296,hostfwd=tcp:127.0.0.1:24800-:24800,hostfwd=tcp:127.0.0.1:24810-:24810,hostfwd=tcp:127.0.0.1:25000-:25000

ℹ️ -nic[0]=foo tells to override the value for the first occurence of -nic argument with foo.

[genman]

Thank you for your help and a detailed solution. I will try this locally.

[jmaneyrol69]

@genman Genymotion Desktop 3.8 has just been released! This new version includes a security patch which addresses the vulnerability you reported. For more details, please refer to the release notes: https://www.genymotion.com/blog/release-note/genymotion-desktop-3-8-0/