git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Ján Tomko <jtomko@redhat.com>
	Fri, 14 Jun 2019 07:14:53 +0000 (09:14 +0200)
committer	Ján Tomko <jtomko@redhat.com>
	Mon, 24 Jun 2019 08:00:05 +0000 (10:00 +0200)
commit	d9a1f3debad411756f53ab8ab81e44ab0bb50e0a
tree	03e78c6d5953e136f097b45630d156a3649caf13	tree
parent	1f8129c5db3952a57900b8cd1d94e629068e6aa5	commit \| diff

api: disallow virDomainManagedSaveDefineXML on read-only connections

The virDomainManagedSaveDefineXML can be used to alter the domain's
config used for managedsave or even execute arbitrary emulator binaries.
Forbid it on read-only connections.

Fixes: CVE-2019-10166
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a)
Signed-off-by: Ján Tomko <jtomko@redhat.com>