rpms / libvirt

Clone
Source Code
GIT

Blame SOURCES/libvirt-admin-reject-clients-unless-their-UID-matches-the-current-UID.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale
  1.   f3a72a3599d22200c1cc99f3f8bb16ddba074040
  2.   SOURCES
  3.   libvirt-admin-reject-clients-unless-their-UID-matches-the-current-UID.patch
Blob History Raw
f3a72a 
From dba153a54183187d16cb983d269516930c555ad8 Mon Sep 17 00:00:00 2001
f3a72a 
Message-Id: <dba153a54183187d16cb983d269516930c555ad8@dist-git>
f3a72a 
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
f3a72a 
Date: Wed, 15 May 2019 21:40:56 +0100
f3a72a 
Subject: [PATCH] admin: reject clients unless their UID matches the current
f3a72a 
 UID
f3a72a 
MIME-Version: 1.0
f3a72a 
Content-Type: text/plain; charset=UTF-8
f3a72a 
Content-Transfer-Encoding: 8bit
f3a72a
f3a72a 
The admin protocol RPC messages are only intended for use by the user
f3a72a 
running the daemon. As such they should not be allowed for any client
f3a72a 
UID that does not match the server UID.
f3a72a
f3a72a 
Fixes CVE-2019-10132
f3a72a
f3a72a 
Reviewed-by: Ján Tomko <jtomko@redhat.com>
f3a72a 
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
f3a72a 
(cherry picked from a private commit)
f3a72a 
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
f3a72a 
Message-Id: <20190515204058.28077-2-berrange@redhat.com>
f3a72a 
---
f3a72a 
 src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
f3a72a 
 1 file changed, 22 insertions(+)
f3a72a
f3a72a 
diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
f3a72a 
index b78ff902c0..9f25813ae3 100644
f3a72a 
--- a/src/admin/admin_server_dispatch.c
f3a72a 
+++ b/src/admin/admin_server_dispatch.c
f3a72a 
@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
f3a72a 
                    void *opaque)
f3a72a 
 {
f3a72a 
     struct daemonAdmClientPrivate *priv;
f3a72a 
+    uid_t clientuid;
f3a72a 
+    gid_t clientgid;
f3a72a 
+    pid_t clientpid;
f3a72a 
+    unsigned long long timestamp;
f3a72a 
+
f3a72a 
+    if (virNetServerClientGetUNIXIdentity(client,
f3a72a 
+                                          &clientuid,
f3a72a 
+                                          &clientgid,
f3a72a 
+                                          &clientpid,
f3a72a 
+                                          &timestamp) < 0)
f3a72a 
+        return NULL;
f3a72a 
+
f3a72a 
+    VIR_DEBUG("New client pid %lld uid %lld",
f3a72a 
+              (long long)clientpid,
f3a72a 
+              (long long)clientuid);
f3a72a 
+
f3a72a 
+    if (geteuid() != clientuid) {
f3a72a 
+        virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
f3a72a 
+                                 (long long)clientpid,
f3a72a 
+                                 (long long)clientuid);
f3a72a 
+        return NULL;
f3a72a 
+    }
f3a72a
f3a72a 
     if (VIR_ALLOC(priv) < 0)
f3a72a 
         return NULL;
f3a72a 
--
f3a72a 
2.21.0
f3a72a

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation