Re: [PATCH] CVE-2011-1146

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Daniel,
On Mon, Mar 14, 2011 at 11:25:08AM +0800, Daniel Veillard wrote:
> On Sat, Mar 12, 2011 at 11:19:33PM +0100, Guido Günther wrote:
> > Hi,
> > attached patch adds the missing checks for
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=683650
> > 
> > O.k. to apply?
> > Cheers,
> >  -- Guido
> 
>   This led me to review the full set of entry points.
>   Okay, ACK, I applied it, but I also added virConnectDomainXMLToNative
> for the following reason:
> 
> paphio:~ -> grep shutdown test.xml
>     <emulator>/sbin/shutdown</emulator>
> paphio:~ -> virsh --readonly -c qemu+ssh://test/system domxml-to-native
> --format qemu-argv --xml test.xml
> error: internal error Child process exited with status 1.
> 
> paphio:~ ->
> 
>   Sure "/sbin/shutdown --help" fails, but it's still a remote
> execution hazard which should not be allowed on readon only connections,
> I prefer to close now since it's in same class of errors.

Good catch. I missed that one during my review. Thanks for applying the
patch!
Cheers,
 -- Guido

> 
> Daniel
> 
> -- 
> Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
> daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
> http://veillard.com/ | virtualization library  http://libvirt.org/
> 

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]