fffa5dcc99
escalation via virt-login-shell
ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch,
b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch,
CVE-2013-4400-build-fix.patch
bnc#837609
- CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native
57687fd6-CVE-2013-4401.patch
bnc#845704
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=315
37 lines
1.2 KiB
Diff
37 lines
1.2 KiB
Diff
commit b7fcc799ad5d8f3e55b89b94e599903e3c092467
|
|
Author: Daniel P. Berrange <berrange@redhat.com>
|
|
Date: Wed Oct 9 15:14:34 2013 +0100
|
|
|
|
Close all non-stdio FDs in virt-login-shell (CVE-2013-4400)
|
|
|
|
We don't want to inherit any FDs in the new namespace
|
|
except for the stdio FDs. Explicitly close them all,
|
|
just in case some do not have the close-on-exec flag
|
|
set.
|
|
|
|
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
|
|
|
Index: libvirt-1.1.2/tools/virt-login-shell.c
|
|
===================================================================
|
|
--- libvirt-1.1.2.orig/tools/virt-login-shell.c
|
|
+++ libvirt-1.1.2/tools/virt-login-shell.c
|
|
@@ -313,6 +313,18 @@ main(int argc, char **argv)
|
|
if (cpid == 0) {
|
|
pid_t ccpid;
|
|
|
|
+ int openmax = sysconf(_SC_OPEN_MAX);
|
|
+ int fd;
|
|
+ if (openmax < 0) {
|
|
+ virReportSystemError(errno, "%s",
|
|
+ _("sysconf(_SC_OPEN_MAX) failed"));
|
|
+ return EXIT_FAILURE;
|
|
+ }
|
|
+ for (fd = 3; fd < openmax; fd++) {
|
|
+ int tmpfd = fd;
|
|
+ VIR_MASS_CLOSE(tmpfd);
|
|
+ }
|
|
+
|
|
/* Fork once because we don't want to affect
|
|
* virt-login-shell's namespace itself
|
|
*/
|