On 10/21/2013 07:12 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
We don't want to inherit any FDs in the new namespace except for the stdio FDs. Explicitly close them all, just in case some do not have the close-on-exec flag set.
Not only did this fix the CVE, it made virt-login-shell completely useless. :( Is anyone actually using this program?
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- tools/virt-login-shell.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c index c754ae4..0196950 100644 --- a/tools/virt-login-shell.c +++ b/tools/virt-login-shell.c @@ -313,6 +313,18 @@ main(int argc, char **argv)
Adding some additional context: if ((nfdlist = virDomainLxcOpenNamespace(dom, &fdlist, 0)) < 0) goto cleanup; ...
if (cpid == 0) { pid_t ccpid;
+ int openmax = sysconf(_SC_OPEN_MAX); + int fd; + if (openmax < 0) { + virReportSystemError(errno, "%s", + _("sysconf(_SC_OPEN_MAX) failed")); + return EXIT_FAILURE; + } + for (fd = 3; fd < openmax; fd++) { + int tmpfd = fd; + VIR_MASS_CLOSE(tmpfd); + } + /* Fork once because we don't want to affect * virt-login-shell's namespace itself */
and more context: if (nfdlist > 0) { if (virDomainLxcEnterNamespace(dom, nfdlist, fdlist, NULL, NULL, 0) < 0) Oops. We just closed every fd larger than stderr, which means fdlist is now useless, and virDomainLxcEnterNamespace is guaranteed to fail, which means we are guaranteed to not switch namespaces. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org