Re: [PATCH 13/14] Block all use of libvirt.so in setuid programs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/21/2013 07:12 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
> 
> Avoid people introducing security flaws in their apps by
> forbidding the use of libvirt.so in setuid programs, with
> a check in virInitialize.
> 
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
>  src/libvirt.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/src/libvirt.c b/src/libvirt.c
> index 96d8fdc..d76e537 100644
> --- a/src/libvirt.c
> +++ b/src/libvirt.c
> @@ -409,6 +409,14 @@ virGlobalInit(void)
>          virErrorInitialize() < 0)
>          goto error;
>  
> +#ifndef IN_VIRT_LOGIN_SHELL

Oops.  This spelling is from an earlier version of your patch series.
But in the version you committed, patch 4/14 (commit 3e2f27e1) named it
the more generic LIBVIRT_SETUID_RPC_CLIENT.  Which means
IN_VIRT_LOGIN_SHELL is never defined,...

> +    if (virIsSUID()) {

...so virt-login-shell happily reports that it is setuid...

> +        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                       _("libvirt.so is not safe to use from setuid programs"));

...and we have killed it.  Two separate killers in our CVE fix - not a
good track record on testing things ;(

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]