On Mon, Mar 14, 2011 at 09:08:36AM +0100, Guido Günther wrote: > Hi Daniel, > On Mon, Mar 14, 2011 at 11:25:08AM +0800, Daniel Veillard wrote: > > On Sat, Mar 12, 2011 at 11:19:33PM +0100, Guido Günther wrote: > > > Hi, > > > attached patch adds the missing checks for > > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=683650 > > > > > > O.k. to apply? > > > Cheers, > > > -- Guido > > > > This led me to review the full set of entry points. > > Okay, ACK, I applied it, but I also added virConnectDomainXMLToNative > > for the following reason: > > > > paphio:~ -> grep shutdown test.xml > > <emulator>/sbin/shutdown</emulator> > > paphio:~ -> virsh --readonly -c qemu+ssh://test/system domxml-to-native > > --format qemu-argv --xml test.xml > > error: internal error Child process exited with status 1. > > > > paphio:~ -> > > > > Sure "/sbin/shutdown --help" fails, but it's still a remote > > execution hazard which should not be allowed on readon only connections, > > I prefer to close now since it's in same class of errors. > > Good catch. I missed that one during my review. Well that one is a bit hidden, it's really due to way the internal QEmu driver works, reverse operation should a priori be fine. > Thanks for applying the > patch! No problem, thanks for chasing them, I think it's now 4 of us who went though the full API set, hopefully we're safe now :-) Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@xxxxxxxxxxxx | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list