git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Ján Tomko <jtomko@redhat.com>
	Fri, 14 Jun 2019 06:47:42 +0000 (08:47 +0200)
committer	Ján Tomko <jtomko@redhat.com>
	Mon, 24 Jun 2019 08:18:16 +0000 (10:18 +0200)
commit	a9e40f23207f464c322f4250b1373ff50ca71a85
tree	95b4ca5e429a82ead46776065e8a5dd3f59edf55	tree \| snapshot
parent	c9985379914e3a46ee72994f8b125de9d3a85f30	commit \| diff

api: disallow virDomainSaveImageGetXMLDesc on read-only connections

The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit aed6a032cead4386472afb24b16196579e239580)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Conflicts:
src/libvirt-domain.c
src/remote/remote_protocol.x

Upstream commit 12a51f372 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
alias for VIR_DOMAIN_XML_SECURE is not backported.
Just skip the commit since we now disallow the whole API on read-only
connections, regardless of the flag.

Signed-off-by: Ján Tomko <jtomko@redhat.com>

src/libvirt-domain.c		diff \| blob \| blame \| history
src/qemu/qemu_driver.c		diff \| blob \| blame \| history
src/remote/remote_protocol.x		diff \| blob \| blame \| history