mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-10 06:47:45 +00:00
Only allow 'stderr' log output when running setuid (CVE-2013-4400)
We must not allow file/syslog/journald log outputs when running
setuid since they can be abused to do bad things. In particular
the 'file' output can be used to overwrite files.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 8c3586ea75
)
This commit is contained in:
parent
25ebb2f8bb
commit
d8accf54e3
@ -1318,6 +1318,9 @@ int virLogPriorityFromSyslog(int priority ATTRIBUTE_UNUSED)
|
|||||||
* Multiple output can be defined in a single @output, they just need to be
|
* Multiple output can be defined in a single @output, they just need to be
|
||||||
* separated by spaces.
|
* separated by spaces.
|
||||||
*
|
*
|
||||||
|
* If running in setuid mode, then only the 'stderr' output will
|
||||||
|
* be allowed
|
||||||
|
*
|
||||||
* Returns the number of output parsed and installed or -1 in case of error
|
* Returns the number of output parsed and installed or -1 in case of error
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
@ -1329,6 +1332,7 @@ virLogParseOutputs(const char *outputs)
|
|||||||
virLogPriority prio;
|
virLogPriority prio;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
int count = 0;
|
int count = 0;
|
||||||
|
bool isSUID = virIsSUID();
|
||||||
|
|
||||||
if (cur == NULL)
|
if (cur == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
@ -1348,6 +1352,8 @@ virLogParseOutputs(const char *outputs)
|
|||||||
if (virLogAddOutputToStderr(prio) == 0)
|
if (virLogAddOutputToStderr(prio) == 0)
|
||||||
count++;
|
count++;
|
||||||
} else if (STREQLEN(cur, "syslog", 6)) {
|
} else if (STREQLEN(cur, "syslog", 6)) {
|
||||||
|
if (isSUID)
|
||||||
|
goto cleanup;
|
||||||
cur += 6;
|
cur += 6;
|
||||||
if (*cur != ':')
|
if (*cur != ':')
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -1365,6 +1371,8 @@ virLogParseOutputs(const char *outputs)
|
|||||||
VIR_FREE(name);
|
VIR_FREE(name);
|
||||||
#endif /* HAVE_SYSLOG_H */
|
#endif /* HAVE_SYSLOG_H */
|
||||||
} else if (STREQLEN(cur, "file", 4)) {
|
} else if (STREQLEN(cur, "file", 4)) {
|
||||||
|
if (isSUID)
|
||||||
|
goto cleanup;
|
||||||
cur += 4;
|
cur += 4;
|
||||||
if (*cur != ':')
|
if (*cur != ':')
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
@ -1385,6 +1393,8 @@ virLogParseOutputs(const char *outputs)
|
|||||||
VIR_FREE(name);
|
VIR_FREE(name);
|
||||||
VIR_FREE(abspath);
|
VIR_FREE(abspath);
|
||||||
} else if (STREQLEN(cur, "journald", 8)) {
|
} else if (STREQLEN(cur, "journald", 8)) {
|
||||||
|
if (isSUID)
|
||||||
|
goto cleanup;
|
||||||
cur += 8;
|
cur += 8;
|
||||||
#if USE_JOURNALD
|
#if USE_JOURNALD
|
||||||
if (virLogAddOutputToJournald(prio) == 0)
|
if (virLogAddOutputToJournald(prio) == 0)
|
||||||
|
Loading…
Reference in New Issue
Block a user