External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-09 22:45:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Block all use of libvirt.so in setuid programs

Browse Source 
Avoid people introducing security flaws in their apps by
forbidding the use of libvirt.so in setuid programs, with
a check in virInitialize.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 9cd6a57db6)
This commit is contained in:
Daniel P. Berrange 2013-10-10 17:45:14 +01:00
parent 54b33cc986
commit 0c4aec29b6
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/libvirt.c
View File

@ -409,6 +409,14 @@ virGlobalInit(void)
virErrorInitialize() < 0) virErrorInitialize() < 0)
goto error; goto error;
#ifndef IN_VIRT_LOGIN_SHELL
if (virIsSUID()) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("libvirt.so is not safe to use from setuid programs"));
goto error;
}
#endif
#ifdef WITH_GNUTLS_GCRYPT #ifdef WITH_GNUTLS_GCRYPT
/* /*
* This sequence of API calls it copied exactly from * This sequence of API calls it copied exactly from