|
|
c313de |
From 3eaa16967f0546c5d1596bb6c36767cbe01040b9 Mon Sep 17 00:00:00 2001
|
|
|
c313de |
Message-Id: <3eaa16967f0546c5d1596bb6c36767cbe01040b9@dist-git>
|
|
|
c313de |
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
|
|
c313de |
Date: Wed, 15 May 2019 21:40:56 +0100
|
|
|
c313de |
Subject: [PATCH] admin: reject clients unless their UID matches the current
|
|
|
c313de |
UID
|
|
|
c313de |
MIME-Version: 1.0
|
|
|
c313de |
Content-Type: text/plain; charset=UTF-8
|
|
|
c313de |
Content-Transfer-Encoding: 8bit
|
|
|
c313de |
|
|
|
c313de |
The admin protocol RPC messages are only intended for use by the user
|
|
|
c313de |
running the daemon. As such they should not be allowed for any client
|
|
|
c313de |
UID that does not match the server UID.
|
|
|
c313de |
|
|
|
c313de |
Fixes CVE-2019-10132
|
|
|
c313de |
|
|
|
c313de |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
c313de |
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
c313de |
(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
|
|
|
c313de |
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
c313de |
Message-Id: <20190515204058.28077-2-berrange@redhat.com>
|
|
|
c313de |
---
|
|
|
c313de |
src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
|
|
|
c313de |
1 file changed, 22 insertions(+)
|
|
|
c313de |
|
|
|
c313de |
diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
|
|
|
c313de |
index b78ff902c0..9f25813ae3 100644
|
|
|
c313de |
--- a/src/admin/admin_server_dispatch.c
|
|
|
c313de |
+++ b/src/admin/admin_server_dispatch.c
|
|
|
c313de |
@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
|
|
|
c313de |
void *opaque)
|
|
|
c313de |
{
|
|
|
c313de |
struct daemonAdmClientPrivate *priv;
|
|
|
c313de |
+ uid_t clientuid;
|
|
|
c313de |
+ gid_t clientgid;
|
|
|
c313de |
+ pid_t clientpid;
|
|
|
c313de |
+ unsigned long long timestamp;
|
|
|
c313de |
+
|
|
|
c313de |
+ if (virNetServerClientGetUNIXIdentity(client,
|
|
|
c313de |
+ &clientuid,
|
|
|
c313de |
+ &clientgid,
|
|
|
c313de |
+ &clientpid,
|
|
|
c313de |
+ ×tamp) < 0)
|
|
|
c313de |
+ return NULL;
|
|
|
c313de |
+
|
|
|
c313de |
+ VIR_DEBUG("New client pid %lld uid %lld",
|
|
|
c313de |
+ (long long)clientpid,
|
|
|
c313de |
+ (long long)clientuid);
|
|
|
c313de |
+
|
|
|
c313de |
+ if (geteuid() != clientuid) {
|
|
|
c313de |
+ virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
|
|
|
c313de |
+ (long long)clientpid,
|
|
|
c313de |
+ (long long)clientuid);
|
|
|
c313de |
+ return NULL;
|
|
|
c313de |
+ }
|
|
|
c313de |
|
|
|
c313de |
if (VIR_ALLOC(priv) < 0)
|
|
|
c313de |
return NULL;
|
|
|
c313de |
--
|
|
|
c313de |
2.22.0
|
|
|
c313de |
|