On 02/05/2014 06:56 AM, Daniel P. Berrange wrote:
> On Tue, Jan 28, 2014 at 03:48:19PM -0700, Eric Blake wrote:
>> Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
>> need to check the ACL rules to filter which events to send. But
>> it overlooked one thing: the event dispatch queue is running in
>> the main loop thread, and therefore does not normally have a
>> current virIdentityPtr. But filter checks can be based on current
>> identity, so when libvirtd.conf contains access_drivers=["polkit"],
>> we ended up rejecting access for EVERY event due to failure to
>> look up the current identity, even if it should have been allowed.
>>
>
> ACK

Thanks; I've updated the commit message to mention
https://bugzilla.redhat.com/show_bug.cgi?id=1058839, and will have the
backport pushed to all affected maint branches shortly.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list