render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
Source Code
GIT

Blame SOURCES/libvirt-Don-t-allow-remote-driver-daemon-autostart-when-running-setuid.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale libvirt-hyperscale-10.4.0 upgrade-hyperscale-libvirt
  1.   43fe83eaf730f3f7762e8a227cf503f95f7ca084
  2.   SOURCES
  3.   libvirt-Don-t-allow-remote-driver-daemon-autostart-when-running-setuid.patch
Blob History Raw
43fe83 
From d8290207c5743110e8504c8b449839f4eb638af6 Mon Sep 17 00:00:00 2001
43fe83 
Message-Id: <d8290207c5743110e8504c8b449839f4eb638af6.1383321465.git.jdenemar@redhat.com>
43fe83 
From: "Daniel P. Berrange" <berrange@redhat.com>
43fe83 
Date: Wed, 30 Oct 2013 17:01:54 +0000
43fe83 
Subject: [PATCH] Don't allow remote driver daemon autostart when running
43fe83 
 setuid
43fe83
43fe83 
For
43fe83
43fe83 
  https://bugzilla.redhat.com/show_bug.cgi?id=1015247
43fe83
43fe83 
We don't want setuid programs automatically spawning libvirtd,
43fe83 
so disable any use of autostart when setuid.
43fe83
43fe83 
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
43fe83 
(cherry picked from commit 171bb129115d49c567b643acaf20b363b124b8cf)
43fe83 
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
43fe83 
---
43fe83 
 src/remote/remote_driver.c | 15 +++++++++------
43fe83 
 1 file changed, 9 insertions(+), 6 deletions(-)
43fe83
43fe83 
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
43fe83 
index b6b629c..7688bf6 100644
43fe83 
--- a/src/remote/remote_driver.c
43fe83 
+++ b/src/remote/remote_driver.c
43fe83 
@@ -431,7 +431,7 @@ doRemoteOpen(virConnectPtr conn,
43fe83 
         trans_tcp,
43fe83 
     } transport;
43fe83 
 #ifndef WIN32
43fe83 
-    const char *daemonPath;
43fe83 
+    const char *daemonPath = NULL;
43fe83 
 #endif
43fe83
43fe83 
     /* We handle *ALL* URIs here. The caller has rejected any
43fe83 
@@ -713,7 +713,8 @@ doRemoteOpen(virConnectPtr conn,
43fe83 
             VIR_DEBUG("Proceeding with sockname %s", sockname);
43fe83 
         }
43fe83
43fe83 
-        if (!(daemonPath = remoteFindDaemonPath())) {
43fe83 
+        if ((flags & VIR_DRV_OPEN_REMOTE_AUTOSTART) &&
43fe83 
+            !(daemonPath = remoteFindDaemonPath())) {
43fe83 
             virReportError(VIR_ERR_INTERNAL_ERROR,
43fe83 
                            _("Unable to locate libvirtd daemon in %s "
43fe83 
                              "(to override, set $LIBVIRTD_PATH to the "
43fe83 
@@ -997,8 +998,9 @@ remoteConnectOpen(virConnectPtr conn,
43fe83 
         getuid() > 0) {
43fe83 
         VIR_DEBUG("Auto-spawn user daemon instance");
43fe83 
         rflags |= VIR_DRV_OPEN_REMOTE_USER;
43fe83 
-        if (!autostart ||
43fe83 
-            STRNEQ(autostart, "0"))
43fe83 
+        if (!virIsSUID() &&
43fe83 
+            (!autostart ||
43fe83 
+             STRNEQ(autostart, "0")))
43fe83 
             rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART;
43fe83 
     }
43fe83
43fe83 
@@ -1014,8 +1016,9 @@ remoteConnectOpen(virConnectPtr conn,
43fe83 
         if (getuid() > 0) {
43fe83 
             VIR_DEBUG("Auto-spawn user daemon instance");
43fe83 
             rflags |= VIR_DRV_OPEN_REMOTE_USER;
43fe83 
-            if (!autostart ||
43fe83 
-                STRNEQ(autostart, "0"))
43fe83 
+            if (!virIsSUID() &&
43fe83 
+                (!autostart ||
43fe83 
+                 STRNEQ(autostart, "0")))
43fe83 
                 rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART;
43fe83 
         }
43fe83 
 #endif
43fe83 
--
43fe83 
1.8.4.2
43fe83

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation