]> git.ipfire.org Git - thirdparty/libvirt.git/commit
projects / thirdparty / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6342711) | patch
api: disallow virDomainSaveImageGetXMLDesc on read-only connections
authorJán Tomko <jtomko@redhat.com>
Fri, 14 Jun 2019 06:47:42 +0000 (08:47 +0200)
committerJán Tomko <jtomko@redhat.com>
Thu, 20 Jun 2019 11:50:56 +0000 (13:50 +0200)
commitaed6a032cead4386472afb24b16196579e239580
treed168723cd71e4cb7a6492cda53cdb5b69efc1988tree
parent63427110b6ad8f993874aa3c0c3bfb7245ce7676commit | diff
api: disallow virDomainSaveImageGetXMLDesc on read-only connections

The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
src/libvirt-domain.c diff | blob | blame | history
src/qemu/qemu_driver.c diff | blob | blame | history
src/remote/remote_protocol.x diff | blob | blame | history
Mirror of https://github.com/libvirt/libvirt.git