[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] security: provide supplemental groups even when parsing label (CVE-2013-4291)



On 08/29/2013 08:53 AM, Daniel P. Berrange wrote:
> On Thu, Aug 29, 2013 at 08:47:11AM -0600, Eric Blake wrote:
>> Commit 29fe5d7 (released in 1.1.1) introduced a latent problem
>> for any caller of virSecurityManagerSetProcessLabel and where
>> the domain already had a uid:gid label to be parsed.  Such a
>> setup would collect the list of supplementary groups during
>> virSecurityManagerPreFork, but then ignores that information,
>> and thus fails to call setgroups() to adjust the supplementary
>> groups of the process.
>>

> ACK

Thanks; pushed to master and v0.10.2-maint.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]