git.ipfire.org Git - thirdparty/qemu.git/commit

author	Konstantin Kostiuk <kkostiuk@redhat.com>
	Fri, 3 Mar 2023 19:20:08 +0000 (21:20 +0200)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Wed, 2 Aug 2023 13:07:32 +0000 (16:07 +0300)
commit	b629412e9d2129897126244cdfcc0b0c06df8542
tree	f5097ebf818c9e86d6f692aa5dcf149bbda51175	tree
parent	daa3277175e7fd7ec97d2368a35e9804f1870410	commit \| diff

qga/win32: Use rundll for VSS installation

The custom action uses cmd.exe to run VSS Service installation
and removal which causes an interactive command shell to spawn.
This shell can be used to execute any commands as a SYSTEM user.
Even if call qemu-ga.exe directly the interactive command shell
will be spawned as qemu-ga.exe is a console application and used
by users from the console as well as a service.

As VSS Service runs from DLL which contains the installer and
uninstaller code, it can be run directly by rundll32.exe without
any interactive command shell.

Add specific entry points for rundll which is just a wrapper
for COMRegister/COMUnregister functions with proper arguments.

resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423
fixes: CVE-2023-0664 (part 2 of 2)

Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Reported-by: Brian Wiltse <brian.wiltse@live.com>
(cherry picked from commit 07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

qga/installer/qemu-ga.wxs		diff \| blob \| blame \| history
qga/vss-win32/install.cpp		diff \| blob \| blame \| history
qga/vss-win32/qga-vss.def		diff \| blob \| blame \| history