External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 13:45:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
12,506 Commits 67 Branches 629 Tags 865 MiB
C 94.8%
Python 2%
Meson 0.9%
Shell 0.8%
Dockerfile 0.6%
Other 0.8%
220c6b867c
Go to file
Eric Blake 220c6b867c CVE-2014-7823: dumpxml: security hole with migratable flag 
Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
the qemu implementation of virDomainGetXMLDesc, the use of the
flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
prior to calling qemuDomainFormatXML.  However, the use of
VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
clients only.  This patch treats the migratable flag as requiring
the same permissions, rather than analyzing what might break if
migratable xml no longer includes secret information.

Fortunately, the information leak is low-risk: all that is gated
by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
but VNC passwords are already weak (FIPS forbids their use, and
on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
password sent in plaintext over the network deserves what they
get).  SPICE offers better security than VNC, and all other
secrets are properly protected by use of virSecret associations
rather than direct output in domain XML.

* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
Tighten rules on use of migratable flag.
* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit b1674ad5a9)

Conflicts:
	src/libvirt-domain.c - file split from older src/libvirt.c; context with older virLibConnError
	src/remote/remote_protocol.x - no fine-grained ACLs
Signed-off-by: Eric Blake <eblake@redhat.com>
2014-11-10 09:33:56 -07:00
.gnulib@92f3a4c8e5 maint: update to latest gnulib 2013-09-18 15:04:36 -06:00
build-aux Document bracket whitespace rules & add syntax-check rule 2012-11-02 14:00:32 +00:00
daemon Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) 2013-09-18 15:08:35 -06:00
docs docs: publish correct enum values 2014-06-26 18:11:01 -06:00
examples hellolibvirt: Adjust code to use new APIs 2013-03-04 17:36:03 -05:00
gnulib build: fix 'make check' with newer git 2014-07-03 06:20:29 -06:00
include Introduce virDomainMigrate*CompressionCache APIs 2013-02-22 17:35:59 +01:00
m4 Fix typo in configure.ac causing $LIBS to gain a copy of $CFLAGS 2013-02-05 18:04:16 +00:00
po Release of libvirt 1.0.3 2013-03-05 12:00:53 +08:00
python python: fix fd leak in generator.py 2013-03-01 15:49:07 +08:00
src CVE-2014-7823: dumpxml: security hole with migratable flag 2014-11-10 09:33:56 -07:00
tests Remove virConnectPtr arg from virNWFilterDefParse* 2014-02-06 15:46:27 +02:00
tools build: use proper pod for nested bulleted VIRSH_DEBUG list 2014-01-15 11:01:46 -07:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore Add autogenerated lxc_protocol.[ch] to gitignore 2013-02-18 08:57:57 -06:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap Autogenerate AUTHORS 2012-10-19 12:44:56 -04:00
AUTHORS.in Add John Ferlan to the committers list 2013-02-05 10:59:32 -05:00
autobuild.sh Switch automated builds to use Mingw64 toolchain instead of Mingw32 2012-06-25 10:41:10 +01:00
autogen.sh build: fix incremental autogen.sh when no AUTHORS is present 2012-12-03 14:59:09 -07:00
bootstrap maint: update to latest gnulib 2013-09-18 15:04:30 -06:00
bootstrap.conf build: more mingw fixes 2013-02-15 15:45:52 -07:00
cfg.mk util: portably check for unchanged uid 2013-03-15 14:47:39 -06:00
ChangeLog-old virterror.c: Fix several spelling mistakes 2012-02-03 11:32:51 -07:00
configure.ac Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) 2013-09-18 17:44:15 +01:00
COPYING.LIB remove all trailing blank lines 2009-07-16 15:06:42 +02:00
HACKING Turn virSecurityManager into a virObjectLockable 2013-02-11 12:33:41 +00:00
libvirt.pc.in build: silence warning from autoconf 2012-05-30 09:22:02 -06:00
libvirt.spec.in Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) 2013-09-18 17:44:15 +01:00
Makefile.am build: Fix AUTHORS generation 2012-12-17 21:17:55 +01:00
Makefile.nonreentrant Ban use of all inet_* functions 2010-10-22 11:59:23 +01:00
mingw-libvirt.spec.in spec: indent %if to make it easier to see conditions 2013-01-21 10:36:14 -07:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
run.in run: license as LGPL 2013-02-23 14:03:19 -07:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

README 

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>