From d8290207c5743110e8504c8b449839f4eb638af6 Mon Sep 17 00:00:00 2001 Message-Id: From: "Daniel P. Berrange" Date: Wed, 30 Oct 2013 17:01:54 +0000 Subject: [PATCH] Don't allow remote driver daemon autostart when running setuid For https://bugzilla.redhat.com/show_bug.cgi?id=1015247 We don't want setuid programs automatically spawning libvirtd, so disable any use of autostart when setuid. Signed-off-by: Daniel P. Berrange (cherry picked from commit 171bb129115d49c567b643acaf20b363b124b8cf) Signed-off-by: Jiri Denemark --- src/remote/remote_driver.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index b6b629c..7688bf6 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -431,7 +431,7 @@ doRemoteOpen(virConnectPtr conn, trans_tcp, } transport; #ifndef WIN32 - const char *daemonPath; + const char *daemonPath = NULL; #endif /* We handle *ALL* URIs here. The caller has rejected any @@ -713,7 +713,8 @@ doRemoteOpen(virConnectPtr conn, VIR_DEBUG("Proceeding with sockname %s", sockname); } - if (!(daemonPath = remoteFindDaemonPath())) { + if ((flags & VIR_DRV_OPEN_REMOTE_AUTOSTART) && + !(daemonPath = remoteFindDaemonPath())) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unable to locate libvirtd daemon in %s " "(to override, set $LIBVIRTD_PATH to the " @@ -997,8 +998,9 @@ remoteConnectOpen(virConnectPtr conn, getuid() > 0) { VIR_DEBUG("Auto-spawn user daemon instance"); rflags |= VIR_DRV_OPEN_REMOTE_USER; - if (!autostart || - STRNEQ(autostart, "0")) + if (!virIsSUID() && + (!autostart || + STRNEQ(autostart, "0"))) rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART; } @@ -1014,8 +1016,9 @@ remoteConnectOpen(virConnectPtr conn, if (getuid() > 0) { VIR_DEBUG("Auto-spawn user daemon instance"); rflags |= VIR_DRV_OPEN_REMOTE_USER; - if (!autostart || - STRNEQ(autostart, "0")) + if (!virIsSUID() && + (!autostart || + STRNEQ(autostart, "0"))) rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART; } #endif -- 1.8.4.2