rpc: require write acl for guest agent in virDomainInterfaceAddresses

CVE-2020-25637 Add a requirement for domain:write if source is set to VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2025-03-07 17:28:15 +00:00 · 2020-09-18 17:54:14 +02:00 · 2020-09-18 17:54:14 +02:00 · e4116eaa44
commit e4116eaa44
parent 50864dcda1
4 changed files with 4 additions and 3 deletions
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@ -6428,7 +6428,7 @@ libxlDomainInterfaceAddresses(virDomainPtr dom,
    if (!(vm = libxlDomObjFromDomain(dom)))
        goto cleanup;

-    if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def) < 0)
+    if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0)
        goto cleanup;

    if (virDomainObjCheckActive(vm) < 0)
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@ -1700,7 +1700,7 @@ lxcDomainInterfaceAddresses(virDomainPtr dom,
    if (!(vm = lxcDomObjFromDomain(dom)))
        goto cleanup;

-    if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def) < 0)
+    if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0)
        goto cleanup;

    if (virDomainObjCheckActive(vm) < 0)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@ -19004,7 +19004,7 @@ qemuDomainInterfaceAddresses(virDomainPtr dom,
    if (!(vm = qemuDomainObjFromDomain(dom)))
        goto cleanup;

-    if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def) < 0)
+    if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0)
        goto cleanup;

    if (virDomainObjCheckActive(vm) < 0)
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@ -6211,6 +6211,7 @@ enum remote_procedure {
    /**
     * @generate: none
     * @acl: domain:read
+     * @acl: domain:write::source:VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT
     */
    REMOTE_PROC_DOMAIN_INTERFACE_ADDRESSES = 353,