36ac86c950
Update to rc4 of v2.9.0. Also includes a few other fixes, and a number of tweaks to the spec files. I'd be happy to answer any questions about all those spec file changes, I believe they were all in the direction of a more correct and maintainable spec file. Since this is still in rc phase, let's keep it in devel project. Final release should appear in time for Beta2 of SLE12SP3. Delta from previous: Added Alex's patch for keyboard empty event. OBS-URL: https://build.opensuse.org/request/show/487699 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=334
From 24a2a58f20802a36f06bd2e74339714b4f1831fb Mon Sep 17 00:00:00 2001
From: Bruce Rogers <brogers@suse.com>
Date: Tue, 2 Aug 2016 11:36:02 -0600
Subject: [PATCH] qemu-bridge-helper: reduce security profile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change from using glib alloc and free routines to those
from libc. Also perform safety measure of dropping privs
to user if configured no-caps.
[BR: BOO#988279]
Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
qemu-bridge-helper.c | 27 ++++++++++++++++++++++++---
1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
index 5396fbfbb6..f3710b80a3 100644
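--- a/qemu-bridge-helper.c
+++ b/qemu-bridge-helper.c
@@ -110,7 +110,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
 *argend = 0;
 
 if (strcmp(cmd, "deny") == 0) {
- acl_rule = g_malloc(sizeof(*acl_rule));
+ acl_rule = calloc(1, sizeof(*acl_rule));
+ if (!acl_rule) {
+ fclose(f);
+ errno = ENOMEM;
+ return -1;
+ }
 if (strcmp(arg, "all") == 0) {
 acl_rule->type = ACL_DENY_ALL;
 } else {
@@ -119,7 +124,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
 }
 QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
 } else if (strcmp(cmd, "allow") == 0) {
- acl_rule = g_malloc(sizeof(*acl_rule));
+ acl_rule = calloc(1, sizeof(*acl_rule));
+ if (!acl_rule) {
+ fclose(f);
+ errno = ENOMEM;
+ return -1;
+ }
 if (strcmp(arg, "all") == 0) {
 acl_rule->type = ACL_ALLOW_ALL;
 } else {
@@ -413,6 +423,17 @@ int main(int argc, char **argv)
 goto cleanup;
 }
 
+#ifndef CONFIG_LIBCAP
+ /* avoid sending the fd as root user if running suid to not fool
+ * peer credentials to daemons that dont expect that
+ */
+ if (setuid(getuid()) < 0) {
+ fprintf(stderr, "Failed to drop privileges.\n");
+ ret = EXIT_FAILURE;
+ goto cleanup;
+ }
+#endif
+
 /* write fd to the domain socket */
 if (send_fd(unixfd, fd) == -1) {
 fprintf(stderr, "failed to write fd to unix socket: %s\n",
@@ -434,7 +455,7 @@ cleanup:
 }
 while ((acl_rule = QSIMPLEQ_FIRST(&acl_list)) != NULL) {
 QSIMPLEQ_REMOVE_HEAD(&acl_list, entry);
- g_free(acl_rule);
+ free(acl_rule);
 }
 
 return ret;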
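Review bot: In the `@@ -413,6 +423,17 @@` hunk of main(), the new `#ifndef CONFIG_LIBCAP` block resets only the user id, so a helper installed with the setgid bit, or otherwise started with an elevated effective gid, would still send the fd under that group identity; dropping the group first closes the gap: `if (setgid(getgid()) < 0 || setuid(getuid()) < 0) {`. setuid() makes the drop permanent only while the effective uid is 0, which presumably holds for the setuid-root install this targets, whereas `setresuid()` with all three ids set to getuid() would not depend on that. The failure message would be easier to diagnose with the cause appended, as the send_fd() error just below appears to do: `fprintf(stderr, "Failed to drop privileges: %s\n", strerror(errno));`. main() starts and ends outside this hunk, so what the CONFIG_LIBCAP build does at this point is not visible here.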