Re: [PATCH] Introduce virConnectCrashDaemon API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Apr 01, 2014 at 09:44:16AM +0200, Peter Krempa wrote:

On 04/01/14 09:34, Ján Tomko wrote:

This reduces the affect of an unexpected DoS vulnerablity in libvirtd.
---
 include/libvirt/libvirt.h.in | 13 +++++++++++++
 src/driver.h                 |  5 +++++
 src/libvirt.c                | 32 +++++++++++++++++++++++++++++++
 src/libvirt_private.syms     |  1 +
 src/libvirt_public.syms      |  4 ++++
 src/qemu/qemu_driver.c       | 16 ++++++++++++++++
 src/remote/remote_driver.c   |  1 +
 src/remote/remote_protocol.x | 15 ++++++++++++++-
 src/util/virutil.c           | 23 ++++++++++++++++++++++
 src/util/virutil.h           |  1 +
 tools/virsh-host.c           | 45 ++++++++++++++++++++++++++++++++++++++++++++
 11 files changed, 155 insertions(+), 1 deletion(-)



...


+
+static bool
+cmdCrash(vshControl *ctl, const vshCmd *cmd ATTRIBUTE_UNUSED)
+{
+    unsigned int flags = VIR_CONNECT_CRASH_RANDOM;
+
+    if (vshCommandOptBool(cmd, "null"))
+        flags = VIR_CONNECT_CRASH_NULL_PTR;
+    if (vshCommandOptBool(cmd, "doublefree"))
+        flags = VIR_CONNECT_CRASH_DOUBLE_FREE;


The random crash method is not accessible here.


+
+    virConnectCrashDaemon(ctl->conn, flags);
+    return true;
+}
+
 const vshCmdDef hostAndHypervisorCmds[] = {
     {.name = "capabilities",
      .handler = cmdCapabilities,


I really like this API, this will allow us to decrease load on the
libvirt-security list and avoid us having to go through the tedious CVE
process for every little crasher.

Additionally it will help attackers to avoid having to look through
complex code paths to crash the daemon by presenting them with a very
userfriendly API!



Unfortunately, this is not true if the daemon does not have a qemu
driver since it is implemented only in there.  This should rather be a
method in daemon/remote.c which would make it available in the daemon
without any particular driver.

Also, this should have @priority: high, not specifying the priority
makes it default to low which you really don't want to since it would
not be available if no priority workers are available.

Looking forward to v2 (in one year, is it?) :-)

Martin


ACK if you support the random crash method too ;)

Peter






--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

Attachment: signature.asc
Description: Digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]