Hi Daniel, On Mon, Mar 14, 2011 at 11:25:08AM +0800, Daniel Veillard wrote: > On Sat, Mar 12, 2011 at 11:19:33PM +0100, Guido Günther wrote: > > Hi, > > attached patch adds the missing checks for > > > > https://bugzilla.redhat.com/show_bug.cgi?id=683650 > > > > O.k. to apply? > > Cheers, > > -- Guido > > This led me to review the full set of entry points. > Okay, ACK, I applied it, but I also added virConnectDomainXMLToNative > for the following reason: > > paphio:~ -> grep shutdown test.xml > <emulator>/sbin/shutdown</emulator> > paphio:~ -> virsh --readonly -c qemu+ssh://test/system domxml-to-native > --format qemu-argv --xml test.xml > error: internal error Child process exited with status 1. > > paphio:~ -> > > Sure "/sbin/shutdown --help" fails, but it's still a remote > execution hazard which should not be allowed on readon only connections, > I prefer to close now since it's in same class of errors. Good catch. I missed that one during my review. Thanks for applying the patch! Cheers, -- Guido > > Daniel > > -- > Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ > daniel@xxxxxxxxxxxx | Rpmfind RPM search engine http://rpmfind.net/ > http://veillard.com/ | virtualization library http://libvirt.org/ > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list