From b019d146357887bcf45b85b251f568d54e1bafb1 Mon Sep 17 00:00:00 2001
Message-Id: <b019d146357887bcf45b85b251f568d54e1bafb1.1383321465.git.jdenemar@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Wed, 30 Oct 2013 17:01:57 +0000
Subject: [PATCH] Block all use of libvirt.so in setuid programs

For

  https://bugzilla.redhat.com/show_bug.cgi?id=1015247

Avoid people introducing security flaws in their apps by
forbidding the use of libvirt.so in setuid programs, with
a check in virInitialize.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 9cd6a57db6ea6762fbf85c59c379a27fa6e7fd2e)
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/libvirt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/libvirt.c b/src/libvirt.c
index 54c90ec..e008368 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -409,6 +409,14 @@ virGlobalInit(void)
         virErrorInitialize() < 0)
         goto error;
 
+#ifndef IN_VIRT_LOGIN_SHELL
+    if (virIsSUID()) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("libvirt.so is not safe to use from setuid programs"));
+        goto error;
+    }
+#endif
+
 #ifdef WITH_GNUTLS_GCRYPT
     /*
      * This sequence of API calls it copied exactly from
-- 
1.8.4.2