On Wed, Sep 02, 2020 at 18:54:36 +0100, Daniel P. Berrangé wrote:
The systemd .socket unit files we ship for libvirt daemons use
SocketMode=0666 on the assumption that libvirt is built with
polkit which provides access control.
Some people, however, may have explicitly turned off polkit at
build time and not realize that leaves them insecure unless
they also change the SocketMode. This addresses that problem
by making the SocketMode default to 0600 when polkit is
disabled at compile time.
Note we cannot automatically fix the case where the user
compiles polkit, but then overrides the libvirtd.conf defaults
to disable polkit. This is what led to CVE-2020-15708 in
Ubuntu 20.10. We can at least improve the inline comments
in the config file to give a clearer warning though, which
may have helped avoid the mistaken config.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/meson.build | 11 ++++++++++
src/remote/libvirtd.conf.in | 40 ++++++++++++++++++++++++++---------
src/remote/libvirtd.socket.in | 2 +-
3 files changed, 42 insertions(+), 11 deletions(-)
Reviewed-by: Jiri Denemark <jdenemar(a)redhat.com>
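
A configuration audit for the condition the commit message describes, added here as an example and not part of the patch or of libvirt. It assumes the `auth_unix_rw` key in libvirtd.conf is the setting that enables or disables polkit, that the compiled-in default is "none" when polkit is disabled at build time, and that systemd's SocketMode default is 0666. The function names and sample file contents are constructed.

```python
import re

def socket_mode(unit_text, default=0o666):
    """Effective SocketMode= of a .socket unit; systemd defaults to 0666."""
    mode = default
    for line in unit_text.splitlines():
        m = re.match(r"\s*SocketMode\s*=\s*([0-7]{3,4})\s*$", line)
        if m:
            mode = int(m.group(1), 8)  # last assignment wins
    return mode

def auth_unix_rw(conf_text, compiled_default):
    """Effective auth_unix_rw from libvirtd.conf, ignoring commented-out lines."""
    value = compiled_default
    for line in conf_text.splitlines():
        m = re.match(r'\s*auth_unix_rw\s*=\s*"([^"]*)"', line.split("#", 1)[0])
        if m:
            value = m.group(1)
    return value

def audit(unit_text, conf_text, compiled_default="polkit"):
    """Return 'exposed' when any local user can connect with no access control."""
    mode = socket_mode(unit_text)
    auth = auth_unix_rw(conf_text, compiled_default)
    # Connecting to a UNIX socket requires write permission on the socket file.
    if mode & 0o002 and auth == "none":
        return "exposed"
    return "ok"

# Constructed sample inputs (not taken from the patch).
UNIT_OPEN = "[Socket]\nListenStream=/run/libvirt/libvirt-sock\nSocketMode=0666\n"
UNIT_TIGHT = "[Socket]\nListenStream=/run/libvirt/libvirt-sock\nSocketMode=0600\n"
CONF_DEFAULT = '#auth_unix_rw = "polkit"\n'
CONF_NONE = '#auth_unix_rw = "polkit"\nauth_unix_rw = "none"\n'

if __name__ == "__main__":
    cases = [
        ("polkit build, stock config", UNIT_OPEN, CONF_DEFAULT, "polkit"),
        ("polkit build, polkit overridden in config", UNIT_OPEN, CONF_NONE, "polkit"),
        ("no-polkit build, old 0666 unit", UNIT_OPEN, CONF_DEFAULT, "none"),
        ("no-polkit build, 0600 unit", UNIT_TIGHT, CONF_DEFAULT, "none"),
    ]
    for name, unit, conf, default in cases:
        print(f"{name}: {audit(unit, conf, default)}")
```

The second case is the one the commit message says cannot be fixed automatically: polkit is compiled in, the unit keeps 0666, and the config override removes the only access control.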