From 3eaa16967f0546c5d1596bb6c36767cbe01040b9 Mon Sep 17 00:00:00 2001
Message-Id: <3eaa16967f0546c5d1596bb6c36767cbe01040b9@dist-git>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 15 May 2019 21:40:56 +0100
Subject: [PATCH] admin: reject clients unless their UID matches the current
 UID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Message-Id: <20190515204058.28077-2-berrange@redhat.com>
---
 src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
index b78ff902c0..9f25813ae3 100644
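--- a/src/admin/admin_server_dispatch.c
+++ b/src/admin/admin_server_dispatch.c
@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
                    void *opaque)
 {
     struct daemonAdmClientPrivate *priv;
+    uid_t clientuid;
+    gid_t clientgid;
+    pid_t clientpid;
+    unsigned long long timestamp;
+
+    if (virNetServerClientGetUNIXIdentity(client,
+                                          &clientuid,
+                                          &clientgid,
+                                          &clientpid,
+                                          &timestamp) < 0)
+        return NULL;
+
+    VIR_DEBUG("New client pid %lld uid %lld",
+              (long long)clientpid,
+              (long long)clientuid);
+
+    if (geteuid() != clientuid) {
+        virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
+                                 (long long)clientpid,
+                                 (long long)clientuid);
+        return NULL;
+    }
 
     if (VIR_ALLOC(priv) < 0)
         return NULL;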
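Review bot: The signature in the hunk header still declares `client ATTRIBUTE_UNUSED`, although the added code now passes `client` to `virNetServerClientGetUNIXIdentity()`. The stale annotation should be dropped so the line reads `remoteAdmClientNew(virNetServerClientPtr client,`; that line lies outside the hunk, and the function body continues past it. The new check also deserves a comment above the `geteuid()` comparison, since this is the access-control decision for the admin protocol and it fails closed: `/* Admin RPC is only for the user running the daemon; a client whose UNIX identity cannot be read is rejected as well. */`. Both the rejection and an allocation failure return a bare `NULL`, so the restricted error is presumably the only trace of a denied connection; confirm it reaches a log that operators monitor.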
-- 
2.22.0