libvirt/8c3586ea-CVE-2013-4400.patch

commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994
Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Wed Oct 9 10:59:36 2013 +0100

    Only allow 'stderr' log output when running setuid (CVE-2013-4400)
    
    We must not allow file/syslog/journald log outputs when running
    setuid since they can be abused to do bad things. In particular
    the 'file' output can be used to overwrite files.
    
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Index: libvirt-1.1.2/src/util/virlog.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virlog.c
+++ libvirt-1.1.2/src/util/virlog.c
@@ -1318,6 +1318,9 @@ int virLogPriorityFromSyslog(int priorit
  * Multiple output can be defined in a single @output, they just need to be
  * separated by spaces.
  *
+ * If running in setuid mode, then only the 'stderr' output will
+ * be allowed
+ *
  * Returns the number of output parsed and installed or -1 in case of error
  */
 int
@@ -1329,6 +1332,7 @@ virLogParseOutputs(const char *outputs)
     virLogPriority prio;
     int ret = -1;
     int count = 0;
+    bool isSUID = virIsSUID();
 
     if (cur == NULL)
         return -1;
@@ -1348,6 +1352,8 @@ virLogParseOutputs(const char *outputs)
             if (virLogAddOutputToStderr(prio) == 0)
                 count++;
         } else if (STREQLEN(cur, "syslog", 6)) {
+            if (isSUID)
+                goto cleanup;
             cur += 6;
             if (*cur != ':')
                 goto cleanup;
@@ -1365,6 +1371,8 @@ virLogParseOutputs(const char *outputs)
             VIR_FREE(name);
 #endif /* HAVE_SYSLOG_H */
         } else if (STREQLEN(cur, "file", 4)) {
+            if (isSUID)
+                goto cleanup;
             cur += 4;
             if (*cur != ':')
                 goto cleanup;
@@ -1385,6 +1393,8 @@ virLogParseOutputs(const char *outputs)
             VIR_FREE(name);
             VIR_FREE(abspath);
         } else if (STREQLEN(cur, "journald", 8)) {
+            if (isSUID)
+                goto cleanup;
             cur += 8;
 #if USE_JOURNALD
             if (virLogAddOutputToJournald(prio) == 0)
- CVE-2013-4400: Unsantized use of env variables allows privilege escalation via virt-login-shell ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch, b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch, CVE-2013-4400-build-fix.patch bnc#837609 - CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native 57687fd6-CVE-2013-4401.patch bnc#845704 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=315 2013-10-21 23:49:57 +02:00			`commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994`
			`Author: Daniel P. Berrange <berrange@redhat.com>`
			`Date: Wed Oct 9 10:59:36 2013 +0100`

			`Only allow 'stderr' log output when running setuid (CVE-2013-4400)`

			`We must not allow file/syslog/journald log outputs when running`
			`setuid since they can be abused to do bad things. In particular`
			`the 'file' output can be used to overwrite files.`

			`Signed-off-by: Daniel P. Berrange <berrange@redhat.com>`

			`Index: libvirt-1.1.2/src/util/virlog.c`
			`===================================================================`
			`--- libvirt-1.1.2.orig/src/util/virlog.c`
			`+++ libvirt-1.1.2/src/util/virlog.c`
			`@@ -1318,6 +1318,9 @@ int virLogPriorityFromSyslog(int priorit`
			`* Multiple output can be defined in a single @output, they just need to be`
			`* separated by spaces.`
			`*`
			`+ * If running in setuid mode, then only the 'stderr' output will`
			`+ * be allowed`
			`+ *`
			`* Returns the number of output parsed and installed or -1 in case of error`
			`*/`
			`int`
			`@@ -1329,6 +1332,7 @@ virLogParseOutputs(const char *outputs)`
			`virLogPriority prio;`
			`int ret = -1;`
			`int count = 0;`
			`+ bool isSUID = virIsSUID();`

			`if (cur == NULL)`
			`return -1;`
			`@@ -1348,6 +1352,8 @@ virLogParseOutputs(const char *outputs)`
			`if (virLogAddOutputToStderr(prio) == 0)`
			`count++;`
			`} else if (STREQLEN(cur, "syslog", 6)) {`
			`+ if (isSUID)`
			`+ goto cleanup;`
			`cur += 6;`
			`if (*cur != ':')`
			`goto cleanup;`
			`@@ -1365,6 +1371,8 @@ virLogParseOutputs(const char *outputs)`
			`VIR_FREE(name);`
			`#endif /* HAVE_SYSLOG_H */`
			`} else if (STREQLEN(cur, "file", 4)) {`
			`+ if (isSUID)`
			`+ goto cleanup;`
			`cur += 4;`
			`if (*cur != ':')`
			`goto cleanup;`
			`@@ -1385,6 +1393,8 @@ virLogParseOutputs(const char *outputs)`
			`VIR_FREE(name);`
			`VIR_FREE(abspath);`
			`} else if (STREQLEN(cur, "journald", 8)) {`
			`+ if (isSUID)`
			`+ goto cleanup;`
			`cur += 8;`
			`#if USE_JOURNALD`
			`if (virLogAddOutputToJournald(prio) == 0)`