git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Ján Tomko <jtomko@redhat.com>
	Fri, 14 Jun 2019 07:14:53 +0000 (09:14 +0200)
committer	Ján Tomko <jtomko@redhat.com>
	Mon, 24 Jun 2019 07:12:12 +0000 (09:12 +0200)
commit	f4dabe99f7f46520f2967f3e068fcbeb54e617df
tree	dd38145b4a7e9c58d2d210e5e0ce80f126f4ba8e	tree \| snapshot
parent	dae676751cee86eaad880ee9c654823ce0e021ad	commit \| diff

api: disallow virDomainManagedSaveDefineXML on read-only connections

The virDomainManagedSaveDefineXML can be used to alter the domain's
config used for managedsave or even execute arbitrary emulator binaries.
Forbid it on read-only connections.

Fixes: CVE-2019-10166
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a)
Signed-off-by: Ján Tomko <jtomko@redhat.com>