2017-10-04 00:19:51 +02:00
|
|
|
From 9d3f31c6f079728dac949d04623df82ffffeacd2 Mon Sep 17 00:00:00 2001
|
2016-08-04 15:09:24 +02:00
|
|
|
From: Bruce Rogers <brogers@suse.com>
|
|
|
|
Date: Tue, 2 Aug 2016 11:36:02 -0600
|
|
|
|
Subject: [PATCH] qemu-bridge-helper: reduce security profile
|
2016-09-19 19:06:58 +02:00
|
|
|
MIME-Version: 1.0
|
|
|
|
Content-Type: text/plain; charset=UTF-8
|
|
|
|
Content-Transfer-Encoding: 8bit
|
2016-08-04 15:09:24 +02:00
|
|
|
|
|
|
|
Change from using glib alloc and free routines to those
|
|
|
|
from libc. Also perform safety measure of dropping privs
|
|
|
|
to user if configured no-caps.
|
|
|
|
|
|
|
|
[BR: BOO#988279]
|
|
|
|
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
2016-09-19 19:06:58 +02:00
|
|
|
[AF: Rebased for v2.7.0-rc2]
|
|
|
|
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
2016-08-04 15:09:24 +02:00
|
|
|
---
|
2016-09-19 19:06:58 +02:00
|
|
|
qemu-bridge-helper.c | 27 ++++++++++++++++++++++++---
|
|
|
|
1 file changed, 24 insertions(+), 3 deletions(-)
|
2016-08-04 15:09:24 +02:00
|
|
|
|
|
|
|
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
|
2017-05-05 17:05:43 +02:00
|
|
|
index 5396fbfbb6..f3710b80a3 100644
|
2016-08-04 15:09:24 +02:00
|
|
|
--- a/qemu-bridge-helper.c
|
|
|
|
+++ b/qemu-bridge-helper.c
|
2016-09-19 19:06:58 +02:00
|
|
|
@@ -110,7 +110,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
|
2016-08-04 15:09:24 +02:00
|
|
|
*argend = 0;
|
|
|
|
|
|
|
|
if (strcmp(cmd, "deny") == 0) {
|
|
|
|
- acl_rule = g_malloc(sizeof(*acl_rule));
|
|
|
|
+ acl_rule = calloc(1, sizeof(*acl_rule));
|
|
|
|
+ if (!acl_rule) {
|
|
|
|
+ fclose(f);
|
|
|
|
+ errno = ENOMEM;
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
if (strcmp(arg, "all") == 0) {
|
|
|
|
acl_rule->type = ACL_DENY_ALL;
|
|
|
|
} else {
|
2016-09-19 19:06:58 +02:00
|
|
|
@@ -119,7 +124,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
|
2016-08-04 15:09:24 +02:00
|
|
|
}
|
|
|
|
QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
|
|
|
|
} else if (strcmp(cmd, "allow") == 0) {
|
|
|
|
- acl_rule = g_malloc(sizeof(*acl_rule));
|
|
|
|
+ acl_rule = calloc(1, sizeof(*acl_rule));
|
|
|
|
+ if (!acl_rule) {
|
|
|
|
+ fclose(f);
|
|
|
|
+ errno = ENOMEM;
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
if (strcmp(arg, "all") == 0) {
|
|
|
|
acl_rule->type = ACL_ALLOW_ALL;
|
|
|
|
} else {
|
2016-09-19 19:06:58 +02:00
|
|
|
@@ -413,6 +423,17 @@ int main(int argc, char **argv)
|
2016-08-04 15:09:24 +02:00
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
+#ifndef CONFIG_LIBCAP
|
|
|
|
+ /* avoid sending the fd as root user if running suid to not fool
|
|
|
|
+ * peer credentials to daemons that dont expect that
|
|
|
|
+ */
|
|
|
|
+ if (setuid(getuid()) < 0) {
|
|
|
|
+ fprintf(stderr, "Failed to drop privileges.\n");
|
|
|
|
+ ret = EXIT_FAILURE;
|
|
|
|
+ goto cleanup;
|
|
|
|
+ }
|
|
|
|
+#endif
|
|
|
|
+
|
|
|
|
/* write fd to the domain socket */
|
|
|
|
if (send_fd(unixfd, fd) == -1) {
|
|
|
|
fprintf(stderr, "failed to write fd to unix socket: %s\n",
|
2016-09-19 19:06:58 +02:00
|
|
|
@@ -434,7 +455,7 @@ cleanup:
|
2016-08-04 15:09:24 +02:00
|
|
|
}
|
|
|
|
while ((acl_rule = QSIMPLEQ_FIRST(&acl_list)) != NULL) {
|
|
|
|
QSIMPLEQ_REMOVE_HEAD(&acl_list, entry);
|
|
|
|
- g_free(acl_rule);
|
|
|
|
+ free(acl_rule);
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|