forked from pool/libvirt
- CVE-2014-7823: dumpxml: security hole with migratable flag
b1674ad5-CVE-2014-7823.patch bsc#904176 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=418
This commit is contained in:
parent
084e297a8a
commit
d97b2f8ea8
57
b1674ad5-CVE-2014-7823.patch
Normal file
57
b1674ad5-CVE-2014-7823.patch
Normal file
@ -0,0 +1,57 @@
|
||||
commit b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
|
||||
Author: Eric Blake <eblake@redhat.com>
|
||||
Date: Fri Oct 31 22:14:07 2014 -0600
|
||||
|
||||
CVE-2014-7823: dumpxml: security hole with migratable flag
|
||||
|
||||
Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
|
||||
the qemu implementation of virDomainGetXMLDesc, the use of the
|
||||
flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
|
||||
connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
|
||||
prior to calling qemuDomainFormatXML. However, the use of
|
||||
VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
|
||||
clients only. This patch treats the migratable flag as requiring
|
||||
the same permissions, rather than analyzing what might break if
|
||||
migratable xml no longer includes secret information.
|
||||
|
||||
Fortunately, the information leak is low-risk: all that is gated
|
||||
by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
|
||||
but VNC passwords are already weak (FIPS forbids their use, and
|
||||
on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
|
||||
password sent in plaintext over the network deserves what they
|
||||
get). SPICE offers better security than VNC, and all other
|
||||
secrets are properly protected by use of virSecret associations
|
||||
rather than direct output in domain XML.
|
||||
|
||||
* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
|
||||
Tighten rules on use of migratable flag.
|
||||
* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.
|
||||
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
|
||||
Index: libvirt-1.2.10/src/libvirt-domain.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/libvirt-domain.c
|
||||
+++ libvirt-1.2.10/src/libvirt-domain.c
|
||||
@@ -2607,7 +2607,8 @@ virDomainGetXMLDesc(virDomainPtr domain,
|
||||
virCheckDomainReturn(domain, NULL);
|
||||
conn = domain->conn;
|
||||
|
||||
- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
|
||||
+ if ((conn->flags & VIR_CONNECT_RO) &&
|
||||
+ (flags & (VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_MIGRATABLE))) {
|
||||
virReportError(VIR_ERR_OPERATION_DENIED, "%s",
|
||||
_("virDomainGetXMLDesc with secure flag"));
|
||||
goto error;
|
||||
Index: libvirt-1.2.10/src/remote/remote_protocol.x
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/remote/remote_protocol.x
|
||||
+++ libvirt-1.2.10/src/remote/remote_protocol.x
|
||||
@@ -3255,6 +3255,7 @@ enum remote_procedure {
|
||||
* @generate: both
|
||||
* @acl: domain:read
|
||||
* @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
|
||||
+ * @acl: domain:read_secure:VIR_DOMAIN_XML_MIGRATABLE
|
||||
*/
|
||||
REMOTE_PROC_DOMAIN_GET_XML_DESC = 14,
|
||||
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 10 22:01:31 MST 2014 - jfehlig@suse.com
|
||||
|
||||
- CVE-2014-7823: dumpxml: security hole with migratable flag
|
||||
b1674ad5-CVE-2014-7823.patch
|
||||
bsc#904176
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 3 11:08:49 MST 2014 - jfehlig@suse.com
|
||||
|
||||
|
@ -434,6 +434,7 @@ Source3: libvirtd.init
|
||||
Source4: libvirtd-relocation-server.fw
|
||||
Source99: baselibs.conf
|
||||
# Upstream patches
|
||||
Patch0: b1674ad5-CVE-2014-7823.patch
|
||||
# Patches pending upstream review
|
||||
# Need to go upstream
|
||||
Patch150: xen-name-for-devid.patch
|
||||
@ -965,6 +966,7 @@ Provides a dissector for the libvirt RPC protocol to help debugging it.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch150 -p1
|
||||
%patch151 -p1
|
||||
%patch152 -p1
|
||||
|
Loading…
Reference in New Issue
Block a user