[libvirt] [PATCH] CVE-2011-1146

Hi,

attached patch adds the missing checks for
https://bugzilla.redhat.com/show_bug.cgi?id=683650

O.k. to apply?

Cheers,
 -- Guido

On Sat, Mar 12, 2011 at 11:19:33PM +0100, Guido Günther wrote:
> Hi, attached patch adds the missing checks for
> https://bugzilla.redhat.com/show_bug.cgi?id=683650
> O.k. to apply? Cheers, -- Guido

This led me to review the full set of entry points. Okay, ACK, I applied it, but I also added virConnectDomainXMLToNative for the following reason:

paphio:~ -> grep shutdown test.xml
<emulator>/sbin/shutdown</emulator>
paphio:~ -> virsh --readonly -c qemu+ssh://test/system domxml-to-native --format qemu-argv --xml test.xml
error: internal error Child process exited with status 1.
paphio:~ ->

Sure "/sbin/shutdown --help" fails, but it's still a remote execution hazard which should not be allowed on read-only connections, I prefer to close now since it's in the same class of errors.

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel@veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
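
An added example, not code from the patch or from libvirt: a small model of the entry-point audit described in the message above, where a call that looks like a pure conversion still has to reject read-only connections because it runs a binary on the host. CONN_RO, call_api, audit and the table entries are hypothetical stand-ins chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not libvirt source; every name is a stand-in. */
enum { CONN_RO = 1 };  /* read-only connection flag */
enum { ERR_OK = 0, ERR_DENIED = -1, ERR_UNKNOWN = -2 };
struct conn { unsigned flags; };
/* privileged: changes state or runs a host binary; guarded: rejects CONN_RO */
struct entry_point { const char *name; int privileged, guarded; };
/* Constructed table; xml_to_native runs the <emulator> named in caller XML. */
static struct entry_point api[] = {
    { "get_xml_desc",    0, 0 },
    { "define_xml",      1, 1 },
    { "xml_to_native",   1, 0 },  /* the missed check */
    { "xml_from_native", 0, 0 },  /* reverse direction, nothing executed */
};
#define N_API (sizeof(api) / sizeof(api[0]))

/* Dispatch one call; *ran becomes 1 only if the body would execute. */
int call_api(const struct conn *c, const char *name, int *ran)
{
    *ran = 0;
    for (size_t i = 0; i < N_API; i++) {
        if (strcmp(api[i].name, name) != 0) continue;
        if (api[i].guarded && (c->flags & CONN_RO)) return ERR_DENIED;
        *ran = 1;
        return ERR_OK;
    }
    return ERR_UNKNOWN;
}

/* Count privileged entry points lacking a guard; add it when fix != 0. */
int audit(int fix)
{
    int missing = 0;
    for (size_t i = 0; i < N_API; i++) {
        if (!api[i].privileged || api[i].guarded) continue;
        missing++;
        if (fix) api[i].guarded = 1;
    }
    return missing;
}

int main(void)
{
    struct conn ro = { CONN_RO };
    int ran, missing = audit(1), rc = call_api(&ro, "xml_to_native", &ran);
    printf("guards added: %d, read-only xml_to_native -> %d\n", missing, rc);
    return 0;
}
```

The audit only works if each entry point is classified by what its implementation does on the host, not by what its name suggests.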

Hi Daniel,

On Mon, Mar 14, 2011 at 11:25:08AM +0800, Daniel Veillard wrote:
> On Sat, Mar 12, 2011 at 11:19:33PM +0100, Guido Günther wrote:
> > Hi, attached patch adds the missing checks for
> > https://bugzilla.redhat.com/show_bug.cgi?id=683650
> > O.k. to apply? Cheers, -- Guido
>
> This led me to review the full set of entry points. Okay, ACK, I applied it, but I also added virConnectDomainXMLToNative for the following reason:
>
> paphio:~ -> grep shutdown test.xml
> <emulator>/sbin/shutdown</emulator>
> paphio:~ -> virsh --readonly -c qemu+ssh://test/system domxml-to-native --format qemu-argv --xml test.xml
> error: internal error Child process exited with status 1.
> paphio:~ ->
>
> Sure "/sbin/shutdown --help" fails, but it's still a remote execution hazard which should not be allowed on read-only connections, I prefer to close now since it's in the same class of errors.

Good catch. I missed that one during my review.

Thanks for applying the patch!

Cheers,
 -- Guido

On Mon, Mar 14, 2011 at 09:08:36AM +0100, Guido Günther wrote:
> Hi Daniel,
>
> On Mon, Mar 14, 2011 at 11:25:08AM +0800, Daniel Veillard wrote:
> > On Sat, Mar 12, 2011 at 11:19:33PM +0100, Guido Günther wrote:
> > > Hi, attached patch adds the missing checks for
> > > https://bugzilla.redhat.com/show_bug.cgi?id=683650
> > > O.k. to apply? Cheers, -- Guido
> >
> > This led me to review the full set of entry points. Okay, ACK, I applied it, but I also added virConnectDomainXMLToNative for the following reason:
> >
> > paphio:~ -> grep shutdown test.xml
> > <emulator>/sbin/shutdown</emulator>
> > paphio:~ -> virsh --readonly -c qemu+ssh://test/system domxml-to-native --format qemu-argv --xml test.xml
> > error: internal error Child process exited with status 1.
> > paphio:~ ->
> >
> > Sure "/sbin/shutdown --help" fails, but it's still a remote execution hazard which should not be allowed on read-only connections, I prefer to close now since it's in the same class of errors.
>
> Good catch. I missed that one during my review.

Well that one is a bit hidden, it's really due to the way the internal QEmu driver works, the reverse operation should a priori be fine.

> Thanks for applying the patch!

No problem, thanks for chasing them, I think it's now 4 of us who went through the full API set, hopefully we're safe now :-)

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel@veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/