rpms / libvirt

Clone
Source Code
GIT

Files

  1.   43fe83eaf730f3f7762e8a227cf503f95f7ca084
  2.   SOURCES
  3.   libvirt-Only-allow-stderr-log-output-when-running-setuid.patch
Blob Blame History Raw 
From ebad72b771d17033f03c00bcdc5bb24db5116862 Mon Sep 17 00:00:00 2001
Message-Id: <ebad72b771d17033f03c00bcdc5bb24db5116862.1383321464.git.jdenemar@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Wed, 30 Oct 2013 17:01:42 +0000
Subject: [PATCH] Only allow 'stderr' log output when running setuid

CVE-2013-4400

We must not allow file/syslog/journald log outputs when running
setuid since they can be abused to do bad things. In particular
the 'file' output can be used to overwrite files.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994)
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/util/virlog.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/util/virlog.c b/src/util/virlog.c
index 6f791ad..694da89 100644
--- a/src/util/virlog.c
+++ b/src/util/virlog.c
@@ -1324,6 +1324,9 @@ int virLogPriorityFromSyslog(int priority ATTRIBUTE_UNUSED)
  * Multiple output can be defined in a single @output, they just need to be
  * separated by spaces.
  *
+ * If running in setuid mode, then only the 'stderr' output will
+ * be allowed
+ *
  * Returns the number of output parsed and installed or -1 in case of error
  */
 int
@@ -1335,6 +1338,7 @@ virLogParseOutputs(const char *outputs)
     virLogPriority prio;
     int ret = -1;
     int count = 0;
+    bool isSUID = virIsSUID();
 
     if (cur == NULL)
         return -1;
@@ -1354,6 +1358,8 @@ virLogParseOutputs(const char *outputs)
             if (virLogAddOutputToStderr(prio) == 0)
                 count++;
         } else if (STREQLEN(cur, "syslog", 6)) {
+            if (isSUID)
+                goto cleanup;
             cur += 6;
             if (*cur != ':')
                 goto cleanup;
@@ -1371,6 +1377,8 @@ virLogParseOutputs(const char *outputs)
             VIR_FREE(name);
 #endif /* HAVE_SYSLOG_H */
         } else if (STREQLEN(cur, "file", 4)) {
+            if (isSUID)
+                goto cleanup;
             cur += 4;
             if (*cur != ':')
                 goto cleanup;
@@ -1391,6 +1399,8 @@ virLogParseOutputs(const char *outputs)
             VIR_FREE(name);
             VIR_FREE(abspath);
         } else if (STREQLEN(cur, "journald", 8)) {
+            if (isSUID)
+                goto cleanup;
             cur += 8;
 #if USE_JOURNALD
             if (virLogAddOutputToJournald(prio) == 0)
-- 
1.8.4.2

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation