[libvirt] [PATCH 00/14] Fix flaw in virt-login-shell CVE-2013-4400
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The following series of patches have been pushed to master as a
fix for CVE-2013-4400.
The first four patches are the core fix. The remaining 10 patches
are preventative measures to help avoid further problems in the
future.
I will be pushing at least the first 4 patches to stable branches
and any of the further patches if I find they apply without merge
problems.
Daniel P. Berrange (14):
Add helpers for getting env vars in a setuid environment
Only allow 'stderr' log output when running setuid (CVE-2013-4400)
Close all non-stdio FDs in virt-login-shell (CVE-2013-4400)
Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
Set a sane $PATH for virt-login-shell
Make virCommand env handling robust in setuid env
Remove all direct use of getenv
Block all use of getenv with syntax-check
Only allow the UNIX transport in remote driver when setuid
Don't allow remote driver daemon autostart when running setuid
Add stub getegid impl for platforms lacking it
Remove (nearly) all use of getuid()/getgid()
Block all use of libvirt.so in setuid programs
Move virt-login-shell into libvirt-login-shell sub-RPM
Makefile.am | 1 +
bootstrap.conf | 1 +
cfg.mk | 8 ++++
config-post.h | 44 ++++++++++++++++++
configure.ac | 1 +
daemon/Makefile.am | 1 +
daemon/libvirtd.c | 2 +-
examples/domain-events/events-c/Makefile.am | 3 +-
examples/hellolibvirt/Makefile.am | 2 +-
examples/openauth/Makefile.am | 2 +-
gnulib/lib/Makefile.am | 2 +-
libvirt.spec.in | 28 +++++++----
python/Makefile.am | 1 +
src/Makefile.am | 72 +++++++++++++++++++++++++++++
src/driver.c | 3 +-
src/libvirt.c | 54 +++++++++++++++-------
src/libvirt_private.syms | 6 ++-
src/locking/lock_daemon.c | 6 +--
src/locking/lock_driver_lockd.c | 6 +--
src/locking/lock_manager.c | 2 +-
src/lxc/lxc_controller.c | 2 +-
src/lxc/lxc_driver.c | 4 +-
src/lxc/lxc_process.c | 2 +-
src/qemu/qemu_command.c | 8 ++--
src/qemu/qemu_driver.c | 6 +--
src/remote/remote_driver.c | 37 +++++++++++----
src/rpc/virnetsocket.c | 16 +++----
src/rpc/virnettlscontext.c | 4 +-
src/storage/storage_backend.c | 4 +-
src/storage/storage_backend_fs.c | 4 +-
src/storage/storage_backend_logical.c | 2 +-
src/util/virauth.c | 2 +-
src/util/vircommand.c | 50 +++++++++++++++-----
src/util/vircommand.h | 8 +++-
src/util/virfile.c | 23 +++++----
src/util/viridentity.c | 8 ++--
src/util/virlog.c | 18 ++++++--
src/util/virrandom.c | 2 +-
src/util/virstoragefile.c | 2 +-
src/util/virutil.c | 47 +++++++++++++++++--
src/util/virutil.h | 8 ++++
src/vbox/vbox_XPCOMCGlue.c | 2 +-
src/vbox/vbox_driver.c | 2 +-
src/vbox/vbox_tmpl.c | 6 +--
tests/commandtest.c | 8 ++--
tests/qemumonitortestutils.c | 2 +-
tests/virnetsockettest.c | 4 +-
tools/Makefile.am | 9 +++-
tools/virsh.c | 18 ++++----
tools/virt-login-shell.c | 14 ++++++
50 files changed, 430 insertions(+), 137 deletions(-)
create mode 100644 config-post.h
--
1.8.3.1