Re: [PATCH] schema: Relax schema for domain name

On Mon, Jan 23, 2012 at 06:53:17PM +0100, Peter Krempa wrote:
> The domain schema enforced restrictions on the domain name string that
> the code doesn't. This patch relaxes the check, leaving the restrictions
> on the driver or hypervisor.
> ---
> And maybe we should consider adding some restrictions on the qemu driver, as the daemon
> is completely fine with creating a domain with the name "../../../../../../../test" that
> has its configuration stored in "/test.xml" then.
> 
>  docs/schemas/domaincommon.rng |    4 +---
>  1 files changed, 1 insertions(+), 3 deletions(-)
> 
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 2041dfb..1922cd6 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -3003,9 +3003,7 @@
>      </data>
>    </define>
>    <define name="domainName">
> -    <data type="string">
> -      <param name="pattern">[A-Za-z0-9_\.\+\-&amp;:/]+</param>
> -    </data>
> +    <data type="string" />
>    </define>
>    <define name="diskSerial">
>      <data type="string">
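
Review bot: the bare `<data type="string" />` in `domainName` removes every constraint, so the schema now also accepts an empty name, which the old `+` quantifier ruled out. Note that the removed character class already contained both `.` and `/`, so the "../../../../../../../test" name from the notes above matched the old pattern as well; the old pattern was not protecting against it. Rather than dropping the `<param name="pattern">` entirely, keep one that requires at least one character and excludes `/`, and add a matching check in the driver, since the schema is not enforced by the code.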

I don't think we should remove the pattern entirely. If we want a more
general pattern though, we could do an 'allow all', and blacklist
just '/' and perhaps a few other characters.

I think we should also fix the drivers to check this, since once we
have stricter access control support in libvirt, the kind of issue
you describe with QEMU will be classed as a CVE security exploit.


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
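
The driver-side check suggested in the reply, sketched as an added example that is not part of the thread and is not libvirt code: a name is accepted only if it is a single file name component, and the config path is built only after that check. The helper names and the `/etc/libvirt/qemu` directory are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libvirt function): accept a domain name only
 * if it can serve as exactly one file name component. */
static int domain_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;                       /* empty names are rejected */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;                       /* would name a directory, not a file */
    if (strchr(name, '/') != NULL)
        return 0;                       /* no path separators: blocks "../" */
    return 1;
}

/* Hypothetical helper: build "<config_dir>/<name>.xml" into out.
 * Returns 0 on success, -1 if the name is rejected or out is too small. */
static int domain_config_path(const char *config_dir, const char *name,
                              char *out, size_t outlen)
{
    int n;

    if (!domain_name_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s.xml", config_dir, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* truncated path must not be used */
    return 0;
}

int main(void)
{
    /* Constructed sample names; the second is the one quoted in the thread. */
    const char *names[] = { "fedora16", "../../../../../../../test", "web&db:1" };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        /* "/etc/libvirt/qemu" is an assumed config directory. */
        if (domain_config_path("/etc/libvirt/qemu", names[i], path, sizeof(path)) == 0)
            printf("accept %s -> %s\n", names[i], path);
        else
            printf("reject %s\n", names[i]);
    }
    return 0;
}
```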

