]> git.ipfire.org Git - thirdparty/libvirt.git/commit
projects / thirdparty / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c5085b7) | patch
api: disallow virConnect*HypervisorCPU on read-only connections v5.1-maint
authorJán Tomko <jtomko@redhat.com>
Fri, 14 Jun 2019 07:17:39 +0000 (09:17 +0200)
committerJán Tomko <jtomko@redhat.com>
Mon, 24 Jun 2019 07:40:32 +0000 (09:40 +0200)
commit2a3f95a40725f743b5189868bcc1a78d922517f6
treeffa8de5e5e91314e0ca81e22886a7f23dd4bcc06tree
parentc5085b7a9031f899c7bef0d2630aa77c461b92a6commit | diff
api: disallow virConnect*HypervisorCPU on read-only connections

These APIs can be used to execute arbitrary emulators.
Forbid them on read-only connections.

Fixes: CVE-2019-10168
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit bf6c2830b6c338b1f5699b095df36f374777b291)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
src/libvirt-host.c diff | blob | blame | history
Mirror of https://github.com/libvirt/libvirt.git