[libvirt] [PATCH] CVE-2011-1146
Daniel Veillard
veillard at redhat.com
Mon Mar 14 08:23:17 UTC 2011
On Mon, Mar 14, 2011 at 09:08:36AM +0100, Guido Günther wrote:
> Hi Daniel,
> On Mon, Mar 14, 2011 at 11:25:08AM +0800, Daniel Veillard wrote:
> > On Sat, Mar 12, 2011 at 11:19:33PM +0100, Guido Günther wrote:
> > > Hi,
> > > attached patch adds the missing checks for
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=683650
> > >
> > > O.k. to apply?
> > > Cheers,
> > > -- Guido
> >
> > This led me to review the full set of entry points.
> > Okay, ACK, I applied it, but I also added virConnectDomainXMLToNative
> > for the following reason:
> >
> > paphio:~ -> grep shutdown test.xml
> > <emulator>/sbin/shutdown</emulator>
> > paphio:~ -> virsh --readonly -c qemu+ssh://test/system domxml-to-native
> > --format qemu-argv --xml test.xml
> > error: internal error Child process exited with status 1.
> >
> > paphio:~ ->
> >
> > Sure "/sbin/shutdown --help" fails, but it's still a remote
> > execution hazard which should not be allowed on readon only connections,
> > I prefer to close now since it's in same class of errors.
>
> Good catch. I missed that one during my review.
Well that one is a bit hidden, it's really due to way the internal
QEmu driver works, reverse operation should a priori be fine.
> Thanks for applying the
> patch!
No problem, thanks for chasing them, I think it's now 4 of us
who went though the full API set, hopefully we're safe now :-)
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
More information about the libvir-list
mailing list