[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] CVE-2011-1146



On Sat, Mar 12, 2011 at 11:19:33PM +0100, Guido Günther wrote:
> Hi,
> attached patch adds the missing checks for
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=683650
> 
> O.k. to apply?
> Cheers,
>  -- Guido

  This led me to review the full set of entry points.
  Okay, ACK, I applied it, but I also added virConnectDomainXMLToNative
for the following reason:

paphio:~ -> grep shutdown test.xml
    <emulator>/sbin/shutdown</emulator>
paphio:~ -> virsh --readonly -c qemu+ssh://test/system domxml-to-native
--format qemu-argv --xml test.xml
error: internal error Child process exited with status 1.

paphio:~ ->

  Sure "/sbin/shutdown --help" fails, but it's still a remote
execution hazard which should not be allowed on readon only connections,
I prefer to close now since it's in same class of errors.

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel veillard com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]