On Wed, Sep 02, 2020 at 18:54:36 +0100, Daniel P. Berrangé wrote:
> The systemd .socket unit files we ship for libvirt daemons use
> SocketMode=0666 on the assumption that libvirt is built with
> polkit which provides access control.
>
> Some people, however, may have explicitly turned off polkit at
> build time and not realize that leaves them insecure unless
> they also change the SocketMode. This addresses that problem
> by making the SocketMode default to 0600 when polkit is
> disabled at compile time.
>
> Note we cannot automatically fix the case where the user
> compiles polkit, but then overrides the libvirtd.conf defaults
> to disable polkit. This is what led to CVE-2020-15708 in
> Ubuntu 20.10. We can at least improve the inline comments
> in the config file to give a clearer warning though, which
> may have helped avoid the mistaken config.
>
> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> ---
>  src/meson.build               | 11 ++++++++++
>  src/remote/libvirtd.conf.in   | 40 ++++++++++++++++++++++++++---------
>  src/remote/libvirtd.socket.in |  2 +-
>  3 files changed, 42 insertions(+), 11 deletions(-)

Reviewed-by: Jiri Denemark <jdenemar@xxxxxxxxxx>
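
An audit check for the two cases the commit message describes (polkit disabled at build time, and polkit compiled in but overridden in libvirtd.conf). This is an added example, not code from the patch or from libvirt. It assumes the read-write UNIX socket's auth scheme is set by the `auth_unix_rw` key in libvirtd.conf (a key not shown in this thread) and that its default follows the build's polkit setting; the function names and sample inputs are constructed for illustration.

```python
import re

def socket_mode(unit_text):
    """SocketMode of a systemd .socket unit as an int (systemd default: 0666)."""
    mode = 0o666
    for line in unit_text.splitlines():
        m = re.match(r"\s*SocketMode\s*=\s*([0-7]{3,4})\s*$", line)
        if m:
            mode = int(m.group(1), 8)  # a later assignment overrides an earlier one
    return mode

def auth_scheme(conf_text, built_with_polkit):
    """Effective auth_unix_rw; commented-out lines leave the build default.
    Assumption: the default is polkit when compiled in, otherwise none."""
    auth = "polkit" if built_with_polkit else "none"
    for line in conf_text.splitlines():
        m = re.match(r'\s*auth_unix_rw\s*=\s*"(\w+)"', line)
        if m:
            auth = m.group(1)
    return auth

def world_reachable_without_auth(unit_text, conf_text, built_with_polkit):
    """True when any local user can connect and nothing authorizes the client."""
    world_writable = bool(socket_mode(unit_text) & 0o002)  # connect() needs write
    return world_writable and auth_scheme(conf_text, built_with_polkit) == "none"

# Constructed sample inputs (not copied from the patch).
UNIT_0666 = "[Socket]\nListenStream=/run/libvirt/libvirt-sock\nSocketMode=0666\n"
UNIT_0600 = UNIT_0666.replace("0666", "0600")
CONF_DEFAULT = '#auth_unix_rw = "polkit"\n'   # commented out: build default applies
CONF_NONE = 'auth_unix_rw = "none"\n'         # explicit override

if __name__ == "__main__":
    cases = [
        ("polkit build, default conf, 0666", UNIT_0666, CONF_DEFAULT, True),
        ("no-polkit build, default conf, 0666", UNIT_0666, CONF_DEFAULT, False),
        ("no-polkit build, default conf, 0600", UNIT_0600, CONF_DEFAULT, False),
        ("polkit build, auth overridden, 0666", UNIT_0666, CONF_NONE, True),
    ]
    for label, unit, conf, polkit in cases:
        flag = world_reachable_without_auth(unit, conf, polkit)
        print(f"{label}: {'EXPOSED' if flag else 'ok'}")
```
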