mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 21:55:25 +00:00
util: get rid of virIsSUID method
Now that none of the libvirt.so code will ever run in a setuid context, we can remove the virIsSUID() method. The global initializer function can just inline the check itself. The new inlined check is slightly stronger as it also looks for a setgid situation. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
parent
ac0d21c762
commit
0c69168486
@ -250,13 +250,12 @@ virGlobalInit(void)
|
||||
virErrorInitialize() < 0)
|
||||
goto error;
|
||||
|
||||
#ifndef LIBVIRT_SETUID_RPC_CLIENT
|
||||
if (virIsSUID()) {
|
||||
if (getuid() != geteuid() ||
|
||||
getgid() != getegid()) {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
_("libvirt.so is not safe to use from setuid programs"));
|
||||
_("libvirt.so is not safe to use from setuid/setgid programs"));
|
||||
goto error;
|
||||
}
|
||||
#endif
|
||||
|
||||
virLogSetFromEnv();
|
||||
|
||||
@ -844,12 +843,6 @@ virConnectOpenInternal(const char *name,
|
||||
if (name && name[0] == '\0')
|
||||
name = NULL;
|
||||
|
||||
if (!name && virIsSUID()) {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
_("An explicit URI must be provided when setuid"));
|
||||
goto failed;
|
||||
}
|
||||
|
||||
/* Convert xen -> xen:///system for back compat */
|
||||
if (name && STRCASEEQ(name, "xen"))
|
||||
name = "xen:///system";
|
||||
|
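Review bot: The inlined check in virGlobalInit compares only real and effective uid/gid, so it does not detect a binary that gained file capabilities, nor a caller that equalized its IDs after starting setuid. The doc comment deleted with virIsSUID() carried that caveat ("Does not check for elevated capabilities bits"), and it is lost once the helper goes. I would restate it above the condition, e.g. `/* Detects setuid/setgid only; elevated capabilities are not checked */`, and on Linux consider also testing `getauxval(AT_SECURE)`, which the kernel sets for all of these cases. The page has lost its +/- markers, so it is not visible whether the `#ifndef LIBVIRT_SETUID_RPC_CLIENT` guard around the check survives; if it does, builds defining that macro skip the refusal entirely. virGlobalInit's body continues outside the hunk.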
@ -3298,7 +3298,6 @@ virHostGetDRMRenderNode;
|
||||
virHostHasIOMMU;
|
||||
virIndexToDiskName;
|
||||
virIsDevMapperDevice;
|
||||
virIsSUID;
|
||||
virMemoryLimitIsSet;
|
||||
virMemoryLimitTruncate;
|
||||
virMemoryMaxValue;
|
||||
|
@ -853,21 +853,6 @@ doRemoteOpen(virConnectPtr conn,
|
||||
transport = trans_unix;
|
||||
}
|
||||
|
||||
/*
|
||||
* We don't want to be executing external programs in setuid mode,
|
||||
* so this rules out 'ext' and 'ssh' transports. Exclude libssh
|
||||
* and tls too, since we're not confident the libraries are safe
|
||||
* for setuid usage. Just allow UNIX sockets, since that does
|
||||
* not require any external libraries or command execution
|
||||
*/
|
||||
if (virIsSUID() &&
|
||||
transport != trans_unix) {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
_("Only Unix socket URI transport is allowed in setuid mode"));
|
||||
return VIR_DRV_OPEN_ERROR;
|
||||
}
|
||||
|
||||
|
||||
/* Remote server defaults to "localhost" if not specified. */
|
||||
if (conn->uri && conn->uri->port != 0) {
|
||||
if (virAsprintf(&port, "%d", conn->uri->port) < 0)
|
||||
@ -1353,8 +1338,7 @@ remoteConnectOpen(virConnectPtr conn,
|
||||
* transport is listed, or transport is unix,
|
||||
* and uid is unprivileged then auto-spawn a daemon.
|
||||
*/
|
||||
if (!virIsSUID() &&
|
||||
!conn->uri->server &&
|
||||
if (!conn->uri->server &&
|
||||
(transport == NULL || STREQ(transport, "unix")) &&
|
||||
(!autostart ||
|
||||
STRNEQ(autostart, "0"))) {
|
||||
@ -1372,9 +1356,8 @@ remoteConnectOpen(virConnectPtr conn,
|
||||
if (geteuid() > 0) {
|
||||
VIR_DEBUG("Auto-spawn user daemon instance");
|
||||
rflags |= VIR_DRV_OPEN_REMOTE_USER;
|
||||
if (!virIsSUID() &&
|
||||
(!autostart ||
|
||||
STRNEQ(autostart, "0")))
|
||||
if (!autostart ||
|
||||
STRNEQ(autostart, "0"))
|
||||
rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART;
|
||||
}
|
||||
}
|
||||
|
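Review bot: In remoteConnectOpen the auto-spawn decision now rests only on `conn->uri->server`, `transport`, `autostart` and `geteuid() > 0`, and the transport restriction in doRemoteOpen is gone, so nothing in this file refuses to spawn a daemon or use an external transport when real and effective IDs differ. That is sound only while virGlobalInit has already rejected setuid/setgid processes before any open call, and no comment here records that invariant. I would add above the condition `/* No setuid check here: virGlobalInit() refuses setuid/setgid callers before any connection is opened */`, so that a later change to the init check gets reviewed against these call sites. Both functions start and end outside the hunks shown.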
@ -1588,7 +1588,6 @@ virLogParseOutput(const char *src)
|
||||
size_t count = 0;
|
||||
virLogPriority prio;
|
||||
int dest;
|
||||
bool isSUID = virIsSUID();
|
||||
|
||||
VIR_DEBUG("output=%s", src);
|
||||
|
||||
@ -1626,14 +1625,6 @@ virLogParseOutput(const char *src)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* if running with setuid, only 'stderr' is allowed */
|
||||
if (isSUID && dest != VIR_LOG_TO_STDERR) {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
_("Running with SUID permits only destination of type "
|
||||
"'stderr'"));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
switch ((virLogDestination) dest) {
|
||||
case VIR_LOG_TO_STDERR:
|
||||
ret = virLogNewOutputToStderr(prio);
|
||||
|
@ -1750,18 +1750,6 @@ const char *virGetEnvAllowSUID(const char *name)
|
||||
return getenv(name); /* exempt from syntax-check */
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* virIsSUID:
|
||||
* Return a true value if running setuid. Does not
|
||||
* check for elevated capabilities bits.
|
||||
*/
|
||||
bool virIsSUID(void)
|
||||
{
|
||||
return getuid() != geteuid();
|
||||
}
|
||||
|
||||
|
||||
static time_t selfLastChanged;
|
||||
|
||||
time_t virGetSelfLastChanged(void)
|
||||
|
@ -143,7 +143,6 @@ int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
|
||||
|
||||
const char *virGetEnvBlockSUID(const char *name);
|
||||
const char *virGetEnvAllowSUID(const char *name);
|
||||
bool virIsSUID(void);
|
||||
|
||||
|
||||
time_t virGetSelfLastChanged(void);
|
||||
|