- admin: reject clients unless their UID matches the server UID CVE-2019-10132 96f41cd7-admin-reject-clients.patch, f111e094-locking-restrict-sockets-to-mode-0600.patch, e37bd65f-logging-restrict-sockets-to-mode-0600.patch bsc#1134348 OBS-URL: https://build.opensuse.org/request/show/704536 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=756
commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Tue Apr 30 17:26:13 2019 +0100
admin: reject clients unless their UID matches the current UID
The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
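Index: libvirt-5.3.0/src/admin/admin_server_dispatch.c
===================================================================
--- libvirt-5.3.0.orig/src/admin/admin_server_dispatch.c
+++ libvirt-5.3.0/src/admin/admin_server_dispatch.c
@@ -64,6 +64,28 @@ remoteAdmClientNew(virNetServerClientPtr
                    void *opaque)
 {
     struct daemonAdmClientPrivate *priv;
+    uid_t clientuid;
+    gid_t clientgid;
+    pid_t clientpid;
+    unsigned long long timestamp;
+
+    if (virNetServerClientGetUNIXIdentity(client,
+                                          &clientuid,
+                                          &clientgid,
+                                          &clientpid,
+                                          ×tamp) < 0)
+        return NULL;
+
+    VIR_DEBUG("New client pid %lld uid %lld",
+              (long long)clientpid,
+              (long long)clientuid);
+
+    if (geteuid() != clientuid) {
+        virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
+                                 (long long)clientpid,
+                                 (long long)clientuid);
+        return NULL;
+    }
 
     if (VIR_ALLOC(priv) < 0)
         return NULL;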
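Review bot: The guard `if (geteuid() != clientuid)` carries no comment stating the policy it enforces, and the reason is not obvious from the code alone; a one-line comment above it such as `/* Admin RPC is reserved for the daemon's own user: reject any peer whose UID differs from our effective UID. */` would anchor the intent for maintainers. The early `return NULL` when virNetServerClientGetUNIXIdentity() fails presumably also fails closed for any client whose peer credentials cannot be read, which is worth stating in the same comment if that is the intent. The argument rendered as `×tamp` looks like an HTML-entity artifact of `&timestamp` in this page rendering rather than the patch text, so the applied patch should be checked rather than this view. remoteAdmClientNew() begins before this hunk and its body continues past it.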