git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Daniel P. Berrange <berrange@redhat.com>
	Wed, 28 Aug 2013 14:25:40 +0000 (15:25 +0100)
committer	Daniel P. Berrange <berrange@redhat.com>
	Wed, 18 Sep 2013 14:45:53 +0000 (15:45 +0100)
commit	8616dc8b4f3bf0537cb316eb1465d213012d131f
tree	33a1ada43dc631b14b02a549fd6be3ba0f6cb22d	tree \| snapshot
parent	606ceb41be2e72a8ab08c3dc6538619bc5d018d9	commit \| diff

Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)

With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.

To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.

This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'

Signed-off-by: Colin Walters <walters@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 922b7fda77b094dbf022d625238262ea05335666)

configure.ac		diff \| blob \| blame \| history
daemon/remote.c		diff \| blob \| blame \| history
libvirt.spec.in		diff \| blob \| blame \| history
src/access/viraccessdriverpolkit.c		diff \| blob \| blame \| history