Re: [libvirt] [PATCH 03/14] Close all non-stdio FDs in virt-login-shell (CVE-2013-4400)
On 10/21/2013 07:12 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange(a)redhat.com>
We don't want to inherit any FDs in the new namespace
except for the stdio FDs. Explicitly close them all,
just in case some do not have the close-on-exec flag
set.
Not only did this fix the CVE, it made virt-login-shell completely
useless. :(
Is anyone actually using this program?
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
tools/virt-login-shell.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c
index c754ae4..0196950 100644
--- a/tools/virt-login-shell.c
+++ b/tools/virt-login-shell.c
@@ -313,6 +313,18 @@ main(int argc, char **argv)
Adding some additional context:
if ((nfdlist = virDomainLxcOpenNamespace(dom, &fdlist, 0)) < 0)
goto cleanup;
...
if (cpid == 0) {
pid_t ccpid;
+ int openmax = sysconf(_SC_OPEN_MAX);
+ int fd;
+ if (openmax < 0) {
+ virReportSystemError(errno, "%s",
+ _("sysconf(_SC_OPEN_MAX) failed"));
+ return EXIT_FAILURE;
+ }
+ for (fd = 3; fd < openmax; fd++) {
+ int tmpfd = fd;
+ VIR_MASS_CLOSE(tmpfd);
+ }
+
/* Fork once because we don't want to affect
* virt-login-shell's namespace itself
*/
and more context:
if (nfdlist > 0) {
if (virDomainLxcEnterNamespace(dom,
nfdlist,
fdlist,
NULL,
NULL,
0) < 0)
Oops. We just closed every fd larger than stderr, which means fdlist is
now useless, and virDomainLxcEnterNamespace is guaranteed to fail, which
means we are guaranteed to not switch namespaces.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 604 bytes)