Block all use of libvirt.so in setuid programs

Avoid people introducing security flaws in their apps by
forbidding the use of libvirt.so in setuid programs, with
a check in virInitialize.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 9cd6a57db6ea6762fbf85c59c379a27fa6e7fd2e)

diff --git a/src/libvirt.c b/src/libvirt.c
index dd07db69885c2aa2baa6ffef790955fa767c382c..d4d7f717289364999f88fc2b10658e4ea5a172fd 100644 (file)
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -409,6 +409,14 @@ virGlobalInit(void)
         virErrorInitialize() < 0)
         goto error;
 
+#ifndef IN_VIRT_LOGIN_SHELL
+    if (virIsSUID()) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("libvirt.so is not safe to use from setuid programs"));
+        goto error;
+    }
+#endif
+
 #ifdef WITH_GNUTLS_GCRYPT
     /*
      * This sequence of API calls it copied exactly from