From fd48a871a9dcdb8b8b1eb39612e5df870a7e2c3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Tue, 30 Apr 2019 17:26:13 +0100
Subject: [PATCH 1/3] admin: reject clients unless their UID matches the
current UID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
---
src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
index 85e693d76c..6e3b99f97d 100644
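--- a/src/admin/admin_server_dispatch.c
+++ b/src/admin/admin_server_dispatch.c
@@ -64,6 +64,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
 void *opaque)
 {
 struct daemonAdmClientPrivate *priv;
+ uid_t clientuid;
+ gid_t clientgid;
+ pid_t clientpid;
+ unsigned long long timestamp;
+
+ if (virNetServerClientGetUNIXIdentity(client,
+ &clientuid,
+ &clientgid,
+ &clientpid,
+ ×tamp) < 0)
+ return NULL;
+
+ VIR_DEBUG("New client pid %lld uid %lld",
+ (long long)clientpid,
+ (long long)clientuid);
+
+ if (geteuid() != clientuid) {
+ virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
+ (long long)clientpid,
+ (long long)clientuid);
+ return NULL;
+ }
 
 if (VIR_ALLOC(priv) < 0)
 return NULL;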
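Review bot: The `client` parameter is still annotated `ATTRIBUTE_UNUSED` in the signature shown in the hunk header, although the added `virNetServerClientGetUNIXIdentity(client, ...)` call now reads it; the annotation is stale and should be dropped. The `geteuid() != clientuid` test is the access-control decision for every admin RPC on this connection, so it deserves a comment directly above it, for example `/* Admin RPC is only for the user running the daemon; reject any other peer UID. */`. A refused client is reported through `virReportRestrictedError` while the only other trace is a `VIR_DEBUG` line, and whether that rejection reaches a log operators actually monitor is not visible here and is worth confirming. The signature of `remoteAdmClientNew` begins above the hunk and its body continues past it. The `×tamp` argument is presumably `&timestamp` mangled by the page rendering rather than a defect in the patch.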
--
2.21.0