SHA256
1
0
forked from pool/qemu
qemu/0035-qemu-bridge-helper-reduce-security-.patch
Andreas Färber e7003b4a4b Accepting request 429462 from home:a_faerber:branches:Virtualization
Explicitly set two new options and drop ppc libatomic patch that was not accepted upstream and did not resolve all failures

OBS-URL: https://build.opensuse.org/request/show/429462
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=314
2016-09-22 14:28:43 +00:00

80 lines
2.6 KiB
Diff

From 5219d096e17d3623cc0e274f9d9988effb11e9a1 Mon Sep 17 00:00:00 2001
From: Bruce Rogers <brogers@suse.com>
Date: Tue, 2 Aug 2016 11:36:02 -0600
Subject: [PATCH] qemu-bridge-helper: reduce security profile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change from using glib alloc and free routines to those
from libc. Also perform safety measure of dropping privs
to user if configured no-caps.
[BR: BOO#988279]
Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
qemu-bridge-helper.c | 27 ++++++++++++++++++++++++---
1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
index 5396fbf..f3710b8 100644
--- a/qemu-bridge-helper.c
+++ b/qemu-bridge-helper.c
@@ -110,7 +110,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
*argend = 0;
if (strcmp(cmd, "deny") == 0) {
- acl_rule = g_malloc(sizeof(*acl_rule));
+ acl_rule = calloc(1, sizeof(*acl_rule));
+ if (!acl_rule) {
+ fclose(f);
+ errno = ENOMEM;
+ return -1;
+ }
if (strcmp(arg, "all") == 0) {
acl_rule->type = ACL_DENY_ALL;
} else {
@@ -119,7 +124,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
}
QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
} else if (strcmp(cmd, "allow") == 0) {
- acl_rule = g_malloc(sizeof(*acl_rule));
+ acl_rule = calloc(1, sizeof(*acl_rule));
+ if (!acl_rule) {
+ fclose(f);
+ errno = ENOMEM;
+ return -1;
+ }
if (strcmp(arg, "all") == 0) {
acl_rule->type = ACL_ALLOW_ALL;
} else {
@@ -413,6 +423,17 @@ int main(int argc, char **argv)
goto cleanup;
}
+#ifndef CONFIG_LIBCAP
+ /* avoid sending the fd as root user if running suid to not fool
+ * peer credentials to daemons that dont expect that
+ */
+ if (setuid(getuid()) < 0) {
+ fprintf(stderr, "Failed to drop privileges.\n");
+ ret = EXIT_FAILURE;
+ goto cleanup;
+ }
+#endif
+
/* write fd to the domain socket */
if (send_fd(unixfd, fd) == -1) {
fprintf(stderr, "failed to write fd to unix socket: %s\n",
@@ -434,7 +455,7 @@ cleanup:
}
while ((acl_rule = QSIMPLEQ_FIRST(&acl_list)) != NULL) {
QSIMPLEQ_REMOVE_HEAD(&acl_list, entry);
- g_free(acl_rule);
+ free(acl_rule);
}
return ret;