util: get rid of virIsSUID method
Now that none of the libvirt.so code will ever run in a setuid context, we can remove the virIsSUID() method. The global initializer function can just inline the check itself. The new inlined check is slightly stronger as it also looks for a setgid situation. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
parent
ac0d21c762
commit
0c69168486
@ -250,13 +250,12 @@ virGlobalInit(void)
|
|||||||
virErrorInitialize() < 0)
|
virErrorInitialize() < 0)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
#ifndef LIBVIRT_SETUID_RPC_CLIENT
|
if (getuid() != geteuid() ||
|
||||||
if (virIsSUID()) {
|
getgid() != getegid()) {
|
||||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||||
_("libvirt.so is not safe to use from setuid programs"));
|
_("libvirt.so is not safe to use from setuid/setgid programs"));
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
virLogSetFromEnv();
|
virLogSetFromEnv();
|
||||||
|
|
||||||
@ -844,12 +843,6 @@ virConnectOpenInternal(const char *name,
|
|||||||
if (name && name[0] == '\0')
|
if (name && name[0] == '\0')
|
||||||
name = NULL;
|
name = NULL;
|
||||||
|
|
||||||
if (!name && virIsSUID()) {
|
|
||||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
||||||
_("An explicit URI must be provided when setuid"));
|
|
||||||
goto failed;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Convert xen -> xen:///system for back compat */
|
/* Convert xen -> xen:///system for back compat */
|
||||||
if (name && STRCASEEQ(name, "xen"))
|
if (name && STRCASEEQ(name, "xen"))
|
||||||
name = "xen:///system";
|
name = "xen:///system";
|
||||||
|
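Review bot: The inlined test in virGlobalInit (`getuid() != geteuid() || getgid() != getegid()`) only catches a process whose real and effective IDs still differ when the library is first initialised. It does not see a binary that gained privilege through file capabilities, and it would not see a setuid program that has already set its real IDs equal to its effective ones. The same commit drops the per-call guards in doRemoteOpen, remoteConnectOpen and virLogParseOutput, so this comparison becomes the only gate, and the removed virIsSUID() docstring was the one place that recorded the capabilities caveat. I would carry that caveat forward above the check, e.g. `/* Compares real vs effective uid/gid only; does not detect elevated capability bits or a caller that already equalised its ids */`, and on Linux it may be worth also consulting `getauxval(AT_SECURE)`, if that is acceptable for the platforms this file must build on. virGlobalInit starts and ends outside the hunk, so what runs before this check is not visible here.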
@ -3298,7 +3298,6 @@ virHostGetDRMRenderNode;
|
|||||||
virHostHasIOMMU;
|
virHostHasIOMMU;
|
||||||
virIndexToDiskName;
|
virIndexToDiskName;
|
||||||
virIsDevMapperDevice;
|
virIsDevMapperDevice;
|
||||||
virIsSUID;
|
|
||||||
virMemoryLimitIsSet;
|
virMemoryLimitIsSet;
|
||||||
virMemoryLimitTruncate;
|
virMemoryLimitTruncate;
|
||||||
virMemoryMaxValue;
|
virMemoryMaxValue;
|
||||||
|
@ -853,21 +853,6 @@ doRemoteOpen(virConnectPtr conn,
|
|||||||
transport = trans_unix;
|
transport = trans_unix;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* We don't want to be executing external programs in setuid mode,
|
|
||||||
* so this rules out 'ext' and 'ssh' transports. Exclude libssh
|
|
||||||
* and tls too, since we're not confident the libraries are safe
|
|
||||||
* for setuid usage. Just allow UNIX sockets, since that does
|
|
||||||
* not require any external libraries or command execution
|
|
||||||
*/
|
|
||||||
if (virIsSUID() &&
|
|
||||||
transport != trans_unix) {
|
|
||||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
||||||
_("Only Unix socket URI transport is allowed in setuid mode"));
|
|
||||||
return VIR_DRV_OPEN_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* Remote server defaults to "localhost" if not specified. */
|
/* Remote server defaults to "localhost" if not specified. */
|
||||||
if (conn->uri && conn->uri->port != 0) {
|
if (conn->uri && conn->uri->port != 0) {
|
||||||
if (virAsprintf(&port, "%d", conn->uri->port) < 0)
|
if (virAsprintf(&port, "%d", conn->uri->port) < 0)
|
||||||
@ -1353,8 +1338,7 @@ remoteConnectOpen(virConnectPtr conn,
|
|||||||
* transport is listed, or transport is unix,
|
* transport is listed, or transport is unix,
|
||||||
* and uid is unprivileged then auto-spawn a daemon.
|
* and uid is unprivileged then auto-spawn a daemon.
|
||||||
*/
|
*/
|
||||||
if (!virIsSUID() &&
|
if (!conn->uri->server &&
|
||||||
!conn->uri->server &&
|
|
||||||
(transport == NULL || STREQ(transport, "unix")) &&
|
(transport == NULL || STREQ(transport, "unix")) &&
|
||||||
(!autostart ||
|
(!autostart ||
|
||||||
STRNEQ(autostart, "0"))) {
|
STRNEQ(autostart, "0"))) {
|
||||||
@ -1372,9 +1356,8 @@ remoteConnectOpen(virConnectPtr conn,
|
|||||||
if (geteuid() > 0) {
|
if (geteuid() > 0) {
|
||||||
VIR_DEBUG("Auto-spawn user daemon instance");
|
VIR_DEBUG("Auto-spawn user daemon instance");
|
||||||
rflags |= VIR_DRV_OPEN_REMOTE_USER;
|
rflags |= VIR_DRV_OPEN_REMOTE_USER;
|
||||||
if (!virIsSUID() &&
|
if (!autostart ||
|
||||||
(!autostart ||
|
STRNEQ(autostart, "0"))
|
||||||
STRNEQ(autostart, "0")))
|
|
||||||
rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART;
|
rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1588,7 +1588,6 @@ virLogParseOutput(const char *src)
|
|||||||
size_t count = 0;
|
size_t count = 0;
|
||||||
virLogPriority prio;
|
virLogPriority prio;
|
||||||
int dest;
|
int dest;
|
||||||
bool isSUID = virIsSUID();
|
|
||||||
|
|
||||||
VIR_DEBUG("output=%s", src);
|
VIR_DEBUG("output=%s", src);
|
||||||
|
|
||||||
@ -1626,14 +1625,6 @@ virLogParseOutput(const char *src)
|
|||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* if running with setuid, only 'stderr' is allowed */
|
|
||||||
if (isSUID && dest != VIR_LOG_TO_STDERR) {
|
|
||||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
||||||
_("Running with SUID permits only destination of type "
|
|
||||||
"'stderr'"));
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch ((virLogDestination) dest) {
|
switch ((virLogDestination) dest) {
|
||||||
case VIR_LOG_TO_STDERR:
|
case VIR_LOG_TO_STDERR:
|
||||||
ret = virLogNewOutputToStderr(prio);
|
ret = virLogNewOutputToStderr(prio);
|
||||||
|
@ -1750,18 +1750,6 @@ const char *virGetEnvAllowSUID(const char *name)
|
|||||||
return getenv(name); /* exempt from syntax-check */
|
return getenv(name); /* exempt from syntax-check */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* virIsSUID:
|
|
||||||
* Return a true value if running setuid. Does not
|
|
||||||
* check for elevated capabilities bits.
|
|
||||||
*/
|
|
||||||
bool virIsSUID(void)
|
|
||||||
{
|
|
||||||
return getuid() != geteuid();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static time_t selfLastChanged;
|
static time_t selfLastChanged;
|
||||||
|
|
||||||
time_t virGetSelfLastChanged(void)
|
time_t virGetSelfLastChanged(void)
|
||||||
|
@ -143,7 +143,6 @@ int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
|
|||||||
|
|
||||||
const char *virGetEnvBlockSUID(const char *name);
|
const char *virGetEnvBlockSUID(const char *name);
|
||||||
const char *virGetEnvAllowSUID(const char *name);
|
const char *virGetEnvAllowSUID(const char *name);
|
||||||
bool virIsSUID(void);
|
|
||||||
|
|
||||||
|
|
||||||
time_t virGetSelfLastChanged(void);
|
time_t virGetSelfLastChanged(void);
|
||||||
|