forked from pool/libvirt
fffa5dcc99
escalation via virt-login-shell ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch, b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch, CVE-2013-4400-build-fix.patch bnc#837609 - CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native 57687fd6-CVE-2013-4401.patch bnc#845704 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=315
53 lines
1.8 KiB
Diff
53 lines
1.8 KiB
Diff
commit 57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
|
|
Author: Daniel P. Berrange <berrange@redhat.com>
|
|
Date: Thu Oct 3 16:37:57 2013 +0100
|
|
|
|
Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
|
|
|
|
The virConnectDomainXMLToNative API should require 'connect:write'
|
|
not 'connect:read', since it will trigger execution of the QEMU
|
|
binaries listed in the XML.
|
|
|
|
Also make virConnectDomainXMLFromNative API require a full
|
|
read-write connection and 'connect:write' permission. Although the
|
|
current impl doesn't trigger execution of QEMU, we should not
|
|
rely on that impl detail from an API permissioning POV.
|
|
|
|
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
|
|
|
Index: libvirt-1.1.2/src/libvirt.c
|
|
===================================================================
|
|
--- libvirt-1.1.2.orig/src/libvirt.c
|
|
+++ libvirt-1.1.2/src/libvirt.c
|
|
@@ -4606,6 +4606,10 @@ char *virConnectDomainXMLFromNative(virC
|
|
virDispatchError(NULL);
|
|
return NULL;
|
|
}
|
|
+ if (conn->flags & VIR_CONNECT_RO) {
|
|
+ virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
|
|
+ goto error;
|
|
+ }
|
|
|
|
virCheckNonNullArgGoto(nativeFormat, error);
|
|
virCheckNonNullArgGoto(nativeConfig, error);
|
|
Index: libvirt-1.1.2/src/remote/remote_protocol.x
|
|
===================================================================
|
|
--- libvirt-1.1.2.orig/src/remote/remote_protocol.x
|
|
+++ libvirt-1.1.2/src/remote/remote_protocol.x
|
|
@@ -3812,13 +3812,13 @@ enum remote_procedure {
|
|
|
|
/**
|
|
* @generate: both
|
|
- * @acl: connect:read
|
|
+ * @acl: connect:write
|
|
*/
|
|
REMOTE_PROC_CONNECT_DOMAIN_XML_FROM_NATIVE = 135,
|
|
|
|
/**
|
|
* @generate: both
|
|
- * @acl: connect:read
|
|
+ * @acl: connect:write
|
|
*/
|
|
REMOTE_PROC_CONNECT_DOMAIN_XML_TO_NATIVE = 136,
|
|
|