git.ipfire.org Git - thirdparty/libvirt.git/commit

]> git.ipfire.org Git - thirdparty/libvirt.git/commit

projects / thirdparty / libvirt.git / commit

author	Daniel P. Berrangé <berrange@redhat.com>
	Tue, 30 Apr 2019 16:26:13 +0000 (17:26 +0100)
committer	Daniel P. Berrangé <berrange@redhat.com>
	Tue, 21 May 2019 12:25:54 +0000 (13:25 +0100)
commit	44a0bcdb107eb7ac251f9aa5a316f4c161f43542
tree	a715f7bf1a644cf183d058b69addd4ab0a141a3e	tree \| snapshot
parent	2686c9e10d118539e45ee8ecd15cd5262dd7d61b	commit \| diff

admin: reject clients unless their UID matches the current UID

The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.

Fixes CVE-2019-10132

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)

src/admin/admin_server_dispatch.c

diff | blob | blame | history

Mirror of https://github.com/libvirt/libvirt.git

RSS Atom