fbc8207b73
Update to qemu 3.1.0-rc5. Is almost certainly the last rc, so should be same as 3.1.0 final. Putting into devel project 'early' because of SLE and Leap needs, not to get into Factory early. Look for the final 3.1 within a week. OBS-URL: https://build.opensuse.org/request/show/655897 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=433
From db11beabd6c2e310717da998efdca8f2884fd719 Mon Sep 17 00:00:00 2001
From: Bruce Rogers <brogers@suse.com>
Date: Tue, 2 Aug 2016 11:36:02 -0600
Subject: [PATCH] qemu-bridge-helper: reduce security profile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change from using glib alloc and free routines to those
from libc. Also perform safety measure of dropping privs
to user if configured no-caps.
[BR: BOO#988279]
Signed-off-by: Bruce Rogers <brogers@suse.com>
[AF: Rebased for v2.7.0-rc2]
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
qemu-bridge-helper.c | 27 ++++++++++++++++++++++++---
1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
index 5396fbfbb6..f3710b80a3 100644
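--- a/qemu-bridge-helper.c
+++ b/qemu-bridge-helper.c
@@ -110,7 +110,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
 *argend = 0;
 
 if (strcmp(cmd, "deny") == 0) {
- acl_rule = g_malloc(sizeof(*acl_rule));
+ acl_rule = calloc(1, sizeof(*acl_rule));
+ if (!acl_rule) {
+ fclose(f);
+ errno = ENOMEM;
+ return -1;
+ }
 if (strcmp(arg, "all") == 0) {
 acl_rule->type = ACL_DENY_ALL;
 } else {
@@ -119,7 +124,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
 }
 QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
 } else if (strcmp(cmd, "allow") == 0) {
- acl_rule = g_malloc(sizeof(*acl_rule));
+ acl_rule = calloc(1, sizeof(*acl_rule));
+ if (!acl_rule) {
+ fclose(f);
+ errno = ENOMEM;
+ return -1;
+ }
 if (strcmp(arg, "all") == 0) {
 acl_rule->type = ACL_ALLOW_ALL;
 } else {
@@ -413,6 +423,17 @@ int main(int argc, char **argv)
 goto cleanup;
 }
 
+#ifndef CONFIG_LIBCAP
+ /* avoid sending the fd as root user if running suid to not fool
+ * peer credentials to daemons that dont expect that
+ */
+ if (setuid(getuid()) < 0) {
+ fprintf(stderr, "Failed to drop privileges.\n");
+ ret = EXIT_FAILURE;
+ goto cleanup;
+ }
+#endif
+
 /* write fd to the domain socket */
 if (send_fd(unixfd, fd) == -1) {
 fprintf(stderr, "failed to write fd to unix socket: %s\n",
@@ -434,7 +455,7 @@ cleanup:
 }
 while ((acl_rule = QSIMPLEQ_FIRST(&acl_list)) != NULL) {
 QSIMPLEQ_REMOVE_HEAD(&acl_list, entry);
- g_free(acl_rule);
+ free(acl_rule);
 }
 
 return ret;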
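Review bot: The new `#ifndef CONFIG_LIBCAP` block in main() drops only the user ID, so any elevated group ID the helper holds (for example if it were installed setgid, which this page does not show) would survive into the `send_fd()` call and the cleanup path. Dropping the group first and the user second closes that gap: `if (setgid(getgid()) < 0 || setuid(getuid()) < 0) {`. The comment would also read better if it stated plainly that the drop makes the credentials seen by the receiving daemon those of the invoking user rather than root, and `dont` should be `don't`. main() begins and ends outside this hunk, so whether earlier code already adjusts the GID cannot be confirmed from here.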