On 10/21/2013 07:12 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
Avoid people introducing security flaws in their apps by forbidding the use of libvirt.so in setuid programs, with a check in virInitialize.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/libvirt.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/src/libvirt.c b/src/libvirt.c index 96d8fdc..d76e537 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -409,6 +409,14 @@ virGlobalInit(void) virErrorInitialize() < 0) goto error;
+#ifndef IN_VIRT_LOGIN_SHELL
Oops. This spelling is from an earlier version of your patch series. But in the version you committed, patch 4/14 (commit 3e2f27e1) named it the more generic LIBVIRT_SETUID_RPC_CLIENT. Which means IN_VIRT_LOGIN_SHELL is never defined,...
+ if (virIsSUID()) {
...so virt-login-shell happily reports that it is setuid...
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("libvirt.so is not safe to use from setuid programs"));
...and we have killed it. Two separate killers in our CVE fix - not a good track record on testing things ;( -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org