From 0fa405175a987a595245cf6d7d1db8e65e566801 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Wed, 9 Oct 2013 11:47:13 +0100 Subject: [PATCH] Don't allow remote driver daemon autostart when running setuid We don't want setuid programs automatically spawning libvirtd, so disable any use of autostart when setuid. Signed-off-by: Daniel P. Berrange (cherry picked from commit 171bb129115d49c567b643acaf20b363b124b8cf) --- src/remote/remote_driver.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index fd8eeb1b91..4f27269265 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -431,7 +431,7 @@ doRemoteOpen(virConnectPtr conn, trans_tcp, } transport; #ifndef WIN32 - const char *daemonPath; + const char *daemonPath = NULL; #endif /* We handle *ALL* URIs here. The caller has rejected any @@ -713,7 +713,8 @@ doRemoteOpen(virConnectPtr conn, VIR_DEBUG("Proceeding with sockname %s", sockname); } - if (!(daemonPath = remoteFindDaemonPath())) { + if ((flags & VIR_DRV_OPEN_REMOTE_AUTOSTART) && + !(daemonPath = remoteFindDaemonPath())) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unable to locate libvirtd daemon in %s " "(to override, set $LIBVIRTD_PATH to the " @@ -997,8 +998,9 @@ remoteConnectOpen(virConnectPtr conn, getuid() > 0) { VIR_DEBUG("Auto-spawn user daemon instance"); rflags |= VIR_DRV_OPEN_REMOTE_USER; - if (!autostart || - STRNEQ(autostart, "0")) + if (!virIsSUID() && + (!autostart || + STRNEQ(autostart, "0"))) rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART; } @@ -1014,8 +1016,9 @@ remoteConnectOpen(virConnectPtr conn, if (getuid() > 0) { VIR_DEBUG("Auto-spawn user daemon instance"); rflags |= VIR_DRV_OPEN_REMOTE_USER; - if (!autostart || - STRNEQ(autostart, "0")) + if (!virIsSUID() && + (!autostart || + STRNEQ(autostart, "0"))) rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART; } #endif