SHA256
1
0
forked from pool/qemu
qemu/qemu-bridge-helper-reduce-security-profi.patch
Bruce Rogers 0f796dd004 Accepting request 730437 from Virtualization:Staging
Update to v4.1.0. Also includes other major packaging changes as follows:
There is a new package maintenance workflow - see README.PACKAGING for details.
The sibling packages qemu-linux-user and qemu-testsuite are now created with the Build Service's MultiBuild feature. This also necessitates combining the qemu-linux-user changelog content back into qemu's. Luckily the delta there is quite small. Note that the qemu spec file is now that much busier, but added section markers should help reduce the confusion. Also qemu is being enabled for RISCV host compatibility, so some changes are related to that as well.

OBS-URL: https://build.opensuse.org/request/show/730437
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=487
2019-09-12 15:54:03 +00:00

81 lines
2.6 KiB
Diff

From: Bruce Rogers <brogers@suse.com>
Date: Tue, 2 Aug 2016 11:36:02 -0600
Subject: qemu-bridge-helper: reduce security profile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
References: boo#988279
Change from using glib alloc and free routines to those
from libc. Also perform safety measure of dropping privs
to user if configured no-caps.
Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
qemu-bridge-helper.c | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
index 3d50ec094c794b9c0835628f10c5..f2291b398f8e4589f649af226dba 100644
--- a/qemu-bridge-helper.c
+++ b/qemu-bridge-helper.c
@@ -123,7 +123,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
}
if (strcmp(cmd, "deny") == 0) {
- acl_rule = g_malloc(sizeof(*acl_rule));
+ acl_rule = calloc(1, sizeof(*acl_rule));
+ if (!acl_rule) {
+ fclose(f);
+ errno = ENOMEM;
+ return -1;
+ }
if (strcmp(arg, "all") == 0) {
acl_rule->type = ACL_DENY_ALL;
} else {
@@ -132,7 +137,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
}
QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
} else if (strcmp(cmd, "allow") == 0) {
- acl_rule = g_malloc(sizeof(*acl_rule));
+ acl_rule = calloc(1, sizeof(*acl_rule));
+ if (!acl_rule) {
+ fclose(f);
+ errno = ENOMEM;
+ return -1;
+ }
if (strcmp(arg, "all") == 0) {
acl_rule->type = ACL_ALLOW_ALL;
} else {
@@ -433,6 +443,18 @@ int main(int argc, char **argv)
goto cleanup;
}
+#ifndef CONFIG_LIBCAP
+ /*
+ * avoid sending the fd as root user if running suid to not fool
+ * peer credentials to daemons that dont expect that
+ */
+ if (setuid(getuid()) < 0) {
+ fprintf(stderr, "Failed to drop privileges.\n");
+ ret = EXIT_FAILURE;
+ goto cleanup;
+ }
+#endif
+
/* write fd to the domain socket */
if (send_fd(unixfd, fd) == -1) {
fprintf(stderr, "failed to write fd to unix socket: %s\n",
@@ -454,7 +476,7 @@ cleanup:
}
while ((acl_rule = QSIMPLEQ_FIRST(&acl_list)) != NULL) {
QSIMPLEQ_REMOVE_HEAD(&acl_list, entry);
- g_free(acl_rule);
+ free(acl_rule);
}
return ret;