On 10/21/2013 07:12 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
>
> We don't want to inherit any FDs in the new namespace
> except for the stdio FDs. Explicitly close them all,
> just in case some do not have the close-on-exec flag
> set.
Not only did this fix the CVE, it made virt-login-shell completely
useless. :(
Is anyone actually using this program?
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
> tools/virt-login-shell.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c
> index c754ae4..0196950 100644
> --- a/tools/virt-login-shell.c
> +++ b/tools/virt-login-shell.c
> @@ -313,6 +313,18 @@ main(int argc, char **argv)
Adding some additional context:
if ((nfdlist = virDomainLxcOpenNamespace(dom, &fdlist, 0)) < 0)
goto cleanup;
...
> if (cpid == 0) {
> pid_t ccpid;
>
> + int openmax = sysconf(_SC_OPEN_MAX);
> + int fd;
> + if (openmax < 0) {
> + virReportSystemError(errno, "%s",
> + _("sysconf(_SC_OPEN_MAX) failed"));
> + return EXIT_FAILURE;
> + }
> + for (fd = 3; fd < openmax; fd++) {
> + int tmpfd = fd;
> + VIR_MASS_CLOSE(tmpfd);
> + }
> +
> /* Fork once because we don't want to affect
> * virt-login-shell's namespace itself
> */
and more context:
if (nfdlist > 0) {
if (virDomainLxcEnterNamespace(dom,
nfdlist,
fdlist,
NULL,
NULL,
0) < 0)
Oops. We just closed every fd larger than stderr, which means fdlist is
now useless, and virDomainLxcEnterNamespace is guaranteed to fail, which
means we are guaranteed to not switch namespaces.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list