libvirt/57687fd6-CVE-2013-4401.patch

commit 57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Thu Oct 3 16:37:57 2013 +0100

    Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
    
    The virConnectDomainXMLToNative API should require 'connect:write'
    not 'connect:read', since it will trigger execution of the QEMU
    binaries listed in the XML.
    
    Also make virConnectDomainXMLFromNative API require a full
    read-write connection and 'connect:write' permission. Although the
    current impl doesn't trigger execution of QEMU, we should not
    rely on that impl detail from an API permissioning POV.
    
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Index: libvirt-1.1.2/src/libvirt.c
===================================================================
--- libvirt-1.1.2.orig/src/libvirt.c
+++ libvirt-1.1.2/src/libvirt.c
@@ -4606,6 +4606,10 @@ char *virConnectDomainXMLFromNative(virC
         virDispatchError(NULL);
         return NULL;
     }
+    if (conn->flags & VIR_CONNECT_RO) {
+        virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+        goto error;
+    }
 
     virCheckNonNullArgGoto(nativeFormat, error);
     virCheckNonNullArgGoto(nativeConfig, error);
Index: libvirt-1.1.2/src/remote/remote_protocol.x
===================================================================
--- libvirt-1.1.2.orig/src/remote/remote_protocol.x
+++ libvirt-1.1.2/src/remote/remote_protocol.x
@@ -3812,13 +3812,13 @@ enum remote_procedure {
 
     /**
      * @generate: both
-     * @acl: connect:read
+     * @acl: connect:write
      */
     REMOTE_PROC_CONNECT_DOMAIN_XML_FROM_NATIVE = 135,
 
     /**
      * @generate: both
-     * @acl: connect:read
+     * @acl: connect:write
      */
     REMOTE_PROC_CONNECT_DOMAIN_XML_TO_NATIVE = 136,