git.ipfire.org Git - thirdparty/libvirt.git/commit

]> git.ipfire.org Git - thirdparty/libvirt.git/commit

projects / thirdparty / libvirt.git / commit

author	Daniel P. Berrangé <berrange@redhat.com>
	Tue, 30 Apr 2019 16:26:13 +0000 (17:26 +0100)
committer	Daniel P. Berrangé <berrange@redhat.com>
	Tue, 21 May 2019 12:32:22 +0000 (13:32 +0100)
commit	39fb5ab3125d1669344bab94ccb71bce814d9ae2
tree	03b15688e30fb0ea1cfa3844d4c3c0b5a436c8df	tree \| snapshot
parent	47d58fb51112a1491edc055d4962b7de72ebf79b	commit \| diff

admin: reject clients unless their UID matches the current UID

The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.

Fixes CVE-2019-10132

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)

src/admin/admin_server_dispatch.c

diff | blob | blame | history

Mirror of https://github.com/libvirt/libvirt.git

RSS Atom