libvirt

mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-07 18:35:46 +00:00

History

Daniel P. Berrange 3e2f27e13b Don't link virt-login-shell against libvirt.so (CVE-2013-4400) The libvirt.so library has far too many library deps to allow linking against it from setuid programs. Those libraries can do stuff in __attribute__((constructor) functions which is not setuid safe. The virt-login-shell needs to link directly against individual files that it uses, with all library deps turned off except for libxml2 and libselinux. Create a libvirt-setuid-rpc-client.la library which is linked to by virt-login-shell. A config-post.h file allows this library to disable all external deps except libselinux and libxml2. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>	2013-10-21 14:03:52 +01:00
..
Makefile.am	Don't link virt-login-shell against libvirt.so (CVE-2013-4400)	2013-10-21 14:03:52 +01:00

Daniel P. Berrange 3e2f27e13b Don't link virt-login-shell against libvirt.so (CVE-2013-4400)

The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.

The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.

Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

2013-10-21 14:03:52 +01:00

Makefile.am

Don't link virt-login-shell against libvirt.so (CVE-2013-4400)

2013-10-21 14:03:52 +01:00