[Pkg-libvirt-commits] [SCM] Libvirt debian packaging branch, experimental, updated. debian/0.5.1-2-7-g00e0e44

Guido Guenther agx at sigxcpu.org
Thu Dec 18 15:39:57 UTC 2008


The following commit has been merged in the experimental branch:
commit 2fd522438ec0562319041dd5bbf51e09e1b1c449
Author: Guido Günther <agx at sigxcpu.org>
Date:   Thu Dec 18 16:10:58 2008 +0100

    apply upstream patch for CVE-2008-5086
    
    Closes: #509106

diff --git a/debian/patches/0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch b/debian/patches/0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch
new file mode 100644
index 0000000..d2c4b4f
--- /dev/null
+++ b/debian/patches/0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch
@@ -0,0 +1,212 @@
+From 91970e9687f16337a5a72cb7a4eeb25e982be02e Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange at redhat.com>
+Date: Wed, 17 Dec 2008 16:55:58 +0000
+Subject: [PATCH] Fix missing read-only access checks (CVE-2008-5086)
+
+The following methods in libvirt.c are missing a check against the
+read-only connection flag:
+
+    virDomainMigrate
+    virDomainMigratePrepare
+    virDomainMigratePerform
+    virDomainMigrateFinish
+    virDomainMigratePrepare2
+    virDomainMigrateFinish2
+    virDomainBlockPeek
+    virDomainMemoryPeek
+    virDomainSetAutostart
+    virNetworkSetAutostart
+    virConnectFindStoragePoolSources
+    virStoragePoolSetAutostart
+
+If using PolicyKit auth, the default policy will allow any local user
+to make a read-only connection to the libvirtd daemon without needing
+authentication.
+
+If not using PolicyKit, the default libvirtd.conf configuration settings
+will allow an unprivileged user to make a read-only connection to the
+libvirtd daemon without needing authentication.
+
+Thus out of the box unprivileged local users may be able to migrate VMs,
+set or unset the autostart flag for domains, networks & storage pools,
+and access privileged data in the VM memory, or disks.
+
+All TCP remote connections are read-write, and default settings require
+full authentication, thus remote access is not impacted by this flaw.
+
+Administrators can apply a workaround by editting /etc/libvirt/libvirtd.conf
+to explicitly set 'unix_sock_ro_perms'   parameter to  '0700'. Restart the
+libvirtd daemon after making this change.
+
+The first vulnerable release was 0.3.2, where the virDomainMigrate API
+was added for the Xen driver. Other APIs were added in various subsequent
+releases depending on the hypervisor driver in question.
+
+The attached patch has been committed to CVS, and OS distributors are
+recommended to apply this patch to all existing releases shipped. It
+was diff'd against current CVS head, and applies against 0.5.1, and
+is trivially re-diffable for all earlier releases.
+
+This flaw has been assigned the identifier CVE-2008-5086
+
+Daniel
+---
+ src/libvirt.c |   65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 files changed, 65 insertions(+), 0 deletions(-)
+
+diff --git a/src/libvirt.c b/src/libvirt.c
+index a279024..1b0e31a 100644
+--- a/src/libvirt.c
++++ b/src/libvirt.c
+@@ -2299,6 +2299,16 @@ virDomainMigrate (virDomainPtr domain,
+         return NULL;
+     }
+ 
++    if (domain->conn->flags & VIR_CONNECT_RO) {
++        virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return NULL;
++    }
++    if (dconn->flags & VIR_CONNECT_RO) {
++        /* NB, delibrately report error against source object, not dest here */
++        virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return NULL;
++    }
++
+     /* Check that migration is supported by both drivers. */
+     if (VIR_DRV_SUPPORTS_FEATURE (conn->driver, conn,
+                                   VIR_DRV_FEATURE_MIGRATION_V1) &&
+@@ -2426,6 +2436,11 @@ virDomainMigratePrepare (virConnectPtr dconn,
+         return -1;
+     }
+ 
++    if (dconn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return -1;
++    }
++
+     if (dconn->driver->domainMigratePrepare)
+         return dconn->driver->domainMigratePrepare (dconn, cookie, cookielen,
+                                                     uri_in, uri_out,
+@@ -2457,6 +2472,11 @@ virDomainMigratePerform (virDomainPtr domain,
+     }
+     conn = domain->conn;
+ 
++    if (domain->conn->flags & VIR_CONNECT_RO) {
++        virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return -1;
++    }
++
+     if (conn->driver->domainMigratePerform)
+         return conn->driver->domainMigratePerform (domain, cookie, cookielen,
+                                                    uri,
+@@ -2485,6 +2505,11 @@ virDomainMigrateFinish (virConnectPtr dconn,
+         return NULL;
+     }
+ 
++    if (dconn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return NULL;
++    }
++
+     if (dconn->driver->domainMigrateFinish)
+         return dconn->driver->domainMigrateFinish (dconn, dname,
+                                                    cookie, cookielen,
+@@ -2517,6 +2542,11 @@ virDomainMigratePrepare2 (virConnectPtr dconn,
+         return -1;
+     }
+ 
++    if (dconn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return -1;
++    }
++
+     if (dconn->driver->domainMigratePrepare2)
+         return dconn->driver->domainMigratePrepare2 (dconn, cookie, cookielen,
+                                                      uri_in, uri_out,
+@@ -2547,6 +2577,11 @@ virDomainMigrateFinish2 (virConnectPtr dconn,
+         return NULL;
+     }
+ 
++    if (dconn->flags & VIR_CONNECT_RO) {
++        virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return NULL;
++    }
++
+     if (dconn->driver->domainMigrateFinish2)
+         return dconn->driver->domainMigrateFinish2 (dconn, dname,
+                                                     cookie, cookielen,
+@@ -2905,6 +2940,11 @@ virDomainBlockPeek (virDomainPtr dom,
+     }
+     conn = dom->conn;
+ 
++    if (dom->conn->flags & VIR_CONNECT_RO) {
++        virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return (-1);
++    }
++
+     if (!path) {
+         virLibDomainError (dom, VIR_ERR_INVALID_ARG,
+                            _("path is NULL"));
+@@ -2980,6 +3020,11 @@ virDomainMemoryPeek (virDomainPtr dom,
+     }
+     conn = dom->conn;
+ 
++    if (dom->conn->flags & VIR_CONNECT_RO) {
++        virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return (-1);
++    }
++
+     /* Flags must be VIR_MEMORY_VIRTUAL at the moment.
+      *
+      * Note on access to physical memory: A VIR_MEMORY_PHYSICAL flag is
+@@ -3247,6 +3292,11 @@ virDomainSetAutostart(virDomainPtr domain,
+ 
+     conn = domain->conn;
+ 
++    if (domain->conn->flags & VIR_CONNECT_RO) {
++        virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return (-1);
++    }
++
+     if (conn->driver->domainSetAutostart)
+         return conn->driver->domainSetAutostart (domain, autostart);
+ 
+@@ -4197,6 +4247,11 @@ virNetworkSetAutostart(virNetworkPtr network,
+         return (-1);
+     }
+ 
++    if (network->conn->flags & VIR_CONNECT_RO) {
++        virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return (-1);
++    }
++
+     conn = network->conn;
+ 
+     if (conn->networkDriver && conn->networkDriver->networkSetAutostart)
+@@ -4395,6 +4450,11 @@ virConnectFindStoragePoolSources(virConnectPtr conn,
+         return NULL;
+     }
+ 
++    if (conn->flags & VIR_CONNECT_RO) {
++        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return NULL;
++    }
++
+     if (conn->storageDriver && conn->storageDriver->findPoolSources)
+         return conn->storageDriver->findPoolSources(conn, type, srcSpec, flags);
+ 
+@@ -5068,6 +5128,11 @@ virStoragePoolSetAutostart(virStoragePoolPtr pool,
+         return (-1);
+     }
+ 
++    if (pool->conn->flags & VIR_CONNECT_RO) {
++        virLibStoragePoolError(pool, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
++        return (-1);
++    }
++
+     conn = pool->conn;
+ 
+     if (conn->storageDriver && conn->storageDriver->poolSetAutostart)
+-- 
+1.6.0.3
+
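Review bot: The read-only guards added to virDomainBlockPeek and virDomainMemoryPeek in the embedded src/libvirt.c patch carry no comment, and these are the two functions where the denial is least obvious, because they only read. The patch description gives the reason (guest memory and disk contents are privileged data), so I would put it next to the check, e.g. `/* Peek exposes guest disk/memory contents, which is privileged data: refuse on read-only connections */`. Separately, the same three-line check is repeated by hand in all twelve functions, and nothing visible here would catch a future entry point that forgets it; a shared helper, or a test that walks the public API over a VIR_CONNECT_RO connection, would make the default safer. All of these function bodies start and end outside the hunks shown.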
diff --git a/debian/patches/series b/debian/patches/series
index 8a8fda7..f2e7536 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
 0003-allow-libvirt-group-to-access-the-socket.patch
 0004-Open-qemu-monitor-log-O_APPEND-instead-of-O_TRUNC.patch
 0005-qemu-fix-parallel-serial-mode-tcp-and-unix.patch
+0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch

-- 
Libvirt debian packaging


