Codebase list libvirt / 183d1b2
drop duplicate patches Guido Günther 15 years ago
3 changed file(s) with 0 addition(s) and 269 deletion(s). Raw diff Collapse all Expand all
+0
-188
debian/patches/0011-Fix-missing-read-only-access-checks-CVE-2008-5086.patch less more
0 From 7855c34e1517163aa7a4c58f6c4fff762cef515b Mon Sep 17 00:00:00 2001
1 From: Daniel P. Berrange <berrange@redhat.com>
2 Date: Wed, 17 Dec 2008 16:55:58 +0000
3 Subject: [PATCH] Fix missing read-only access checks (CVE-2008-5086)
4
5 The following methods in libvirt.c are missing a check against the
6 read-only connection flag:
7
8 virDomainMigrate
9 virDomainMigratePrepare
10 virDomainMigratePerform
11 virDomainMigrateFinish
12 virDomainMigratePrepare2
13 virDomainMigrateFinish2
14 virDomainBlockPeek
15 virDomainMemoryPeek
16 virDomainSetAutostart
17 virNetworkSetAutostart
18 virConnectFindStoragePoolSources
19 virStoragePoolSetAutostart
20
21 If using PolicyKit auth, the default policy will allow any local user
22 to make a read-only connection to the libvirtd daemon without needing
23 authentication.
24
25 If not using PolicyKit, the default libvirtd.conf configuration settings
26 will allow an unprivileged user to make a read-only connection to the
27 libvirtd daemon without needing authentication.
28
29 Thus out of the box unprivileged local users may be able to migrate VMs,
30 set or unset the autostart flag for domains, networks & storage pools,
31 and access privileged data in the VM memory, or disks.
32
33 All TCP remote connections are read-write, and default settings require
34 full authentication, thus remote access is not impacted by this flaw.
35
36 Administrators can apply a workaround by editting /etc/libvirt/libvirtd.conf
37 to explicitly set 'unix_sock_ro_perms' parameter to '0700'. Restart the
38 libvirtd daemon after making this change.
39
40 The first vulnerable release was 0.3.2, where the virDomainMigrate API
41 was added for the Xen driver. Other APIs were added in various subsequent
42 releases depending on the hypervisor driver in question.
43
44 The attached patch has been committed to CVS, and OS distributors are
45 recommended to apply this patch to all existing releases shipped. It
46 was diff'd against current CVS head, and applies against 0.5.1, and
47 is trivially re-diffable for all earlier releases.
48
49 This flaw has been assigned the identifier CVE-2008-5086
50
51 Daniel
52 ---
53 src/libvirt.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
54 1 files changed, 55 insertions(+), 0 deletions(-)
55
56 diff --git a/src/libvirt.c b/src/libvirt.c
57 index ed98323..02f67b7 100644
58 --- a/src/libvirt.c
59 +++ b/src/libvirt.c
60 @@ -2180,6 +2180,16 @@ virDomainMigrate (virDomainPtr domain,
61 return NULL;
62 }
63
64 + if (domain->conn->flags & VIR_CONNECT_RO) {
65 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
66 + return NULL;
67 + }
68 + if (dconn->flags & VIR_CONNECT_RO) {
69 + /* NB, delibrately report error against source object, not dest here */
70 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
71 + return NULL;
72 + }
73 +
74 /* Check that migration is supported by both drivers. */
75 if (!VIR_DRV_SUPPORTS_FEATURE (conn->driver, conn,
76 VIR_DRV_FEATURE_MIGRATION_V1) ||
77 @@ -2257,6 +2267,11 @@ __virDomainMigratePrepare (virConnectPtr dconn,
78 return -1;
79 }
80
81 + if (dconn->flags & VIR_CONNECT_RO) {
82 + virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
83 + return -1;
84 + }
85 +
86 if (dconn->driver->domainMigratePrepare)
87 return dconn->driver->domainMigratePrepare (dconn, cookie, cookielen,
88 uri_in, uri_out,
89 @@ -2287,6 +2302,11 @@ __virDomainMigratePerform (virDomainPtr domain,
90 }
91 conn = domain->conn;
92
93 + if (domain->conn->flags & VIR_CONNECT_RO) {
94 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
95 + return -1;
96 + }
97 +
98 if (conn->driver->domainMigratePerform)
99 return conn->driver->domainMigratePerform (domain, cookie, cookielen,
100 uri,
101 @@ -2314,6 +2334,11 @@ __virDomainMigrateFinish (virConnectPtr dconn,
102 return NULL;
103 }
104
105 + if (dconn->flags & VIR_CONNECT_RO) {
106 + virLibConnError(dconn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
107 + return NULL;
108 + }
109 +
110 if (dconn->driver->domainMigrateFinish)
111 return dconn->driver->domainMigrateFinish (dconn, dname,
112 cookie, cookielen,
113 @@ -2671,6 +2696,11 @@ virDomainBlockPeek (virDomainPtr dom,
114 }
115 conn = dom->conn;
116
117 + if (dom->conn->flags & VIR_CONNECT_RO) {
118 + virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
119 + return (-1);
120 + }
121 +
122 if (!path) {
123 virLibDomainError (dom, VIR_ERR_INVALID_ARG,
124 _("path is NULL"));
125 @@ -2746,6 +2776,11 @@ virDomainMemoryPeek (virDomainPtr dom,
126 }
127 conn = dom->conn;
128
129 + if (dom->conn->flags & VIR_CONNECT_RO) {
130 + virLibDomainError(dom, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
131 + return (-1);
132 + }
133 +
134 /* Flags must be VIR_MEMORY_VIRTUAL at the moment.
135 *
136 * Note on access to physical memory: A VIR_MEMORY_PHYSICAL flag is
137 @@ -3013,6 +3048,11 @@ virDomainSetAutostart(virDomainPtr domain,
138
139 conn = domain->conn;
140
141 + if (domain->conn->flags & VIR_CONNECT_RO) {
142 + virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
143 + return (-1);
144 + }
145 +
146 if (conn->driver->domainSetAutostart)
147 return conn->driver->domainSetAutostart (domain, autostart);
148
149 @@ -3963,6 +4003,11 @@ virNetworkSetAutostart(virNetworkPtr network,
150 return (-1);
151 }
152
153 + if (network->conn->flags & VIR_CONNECT_RO) {
154 + virLibNetworkError(network, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
155 + return (-1);
156 + }
157 +
158 conn = network->conn;
159
160 if (conn->networkDriver && conn->networkDriver->networkSetAutostart)
161 @@ -4161,6 +4206,11 @@ virConnectFindStoragePoolSources(virConnectPtr conn,
162 return NULL;
163 }
164
165 + if (conn->flags & VIR_CONNECT_RO) {
166 + virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
167 + return NULL;
168 + }
169 +
170 if (conn->storageDriver && conn->storageDriver->findPoolSources)
171 return conn->storageDriver->findPoolSources(conn, type, srcSpec, flags);
172
173 @@ -4834,6 +4884,11 @@ virStoragePoolSetAutostart(virStoragePoolPtr pool,
174 return (-1);
175 }
176
177 + if (pool->conn->flags & VIR_CONNECT_RO) {
178 + virLibStoragePoolError(pool, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
179 + return (-1);
180 + }
181 +
182 conn = pool->conn;
183
184 if (conn->storageDriver && conn->storageDriver->poolSetAutostart)
185 --
186 1.6.0.3
187
+0
-23
debian/patches/0012-don-t-fail-on-missing-locales.patch less more
0 From: =?utf-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
1 Date: Fri, 23 Jan 2009 16:25:33 +0100
2 Subject: [PATCH] don't fail on missing locales
3
4 Closes: #512721
5 ---
6 src/virsh.c | 2 +-
7 1 files changed, 1 insertions(+), 1 deletions(-)
8
9 diff --git a/src/virsh.c b/src/virsh.c
10 index b8abb69..2a3efb3 100644
11 --- a/src/virsh.c
12 +++ b/src/virsh.c
13 @@ -6949,7 +6949,7 @@ main(int argc, char **argv)
14
15 if (!setlocale(LC_ALL, "")) {
16 perror("setlocale");
17 - return -1;
18 + /* failure to setup locale is not fatal */
19 }
20 if (!bindtextdomain(GETTEXT_PACKAGE, LOCALEBASEDIR)) {
21 perror("bindtextdomain");
22 --
+0
-58
debian/patches/0013-Don-t-hardcode-ssh-port.patch less more
0 From: =?utf-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
1 Date: Fri, 30 Jan 2009 22:01:15 +0100
2 Subject: [PATCH] Don't hardcode ssh port
3
4 based on a patch by Adrian Bridgett.
5
6 Closes: #513605
7 ---
8 src/remote_internal.c | 14 +++++++-------
9 1 files changed, 7 insertions(+), 7 deletions(-)
10
11 diff --git a/src/remote_internal.c b/src/remote_internal.c
12 index 66de9d5..4eb0eb2 100644
13 --- a/src/remote_internal.c
14 +++ b/src/remote_internal.c
15 @@ -319,9 +319,6 @@ doRemoteOpen (virConnectPtr conn,
16 } else if (transport == trans_tcp) {
17 port = strdup (LIBVIRTD_TCP_PORT);
18 if (!port) goto out_of_memory;
19 - } else if (transport == trans_ssh) {
20 - port = strdup ("22");
21 - if (!port) goto out_of_memory;
22 } else
23 port = NULL; /* Port not used for unix, ext. */
24
25 @@ -593,24 +590,27 @@ doRemoteOpen (virConnectPtr conn,
26 }
27
28 case trans_ssh: {
29 - int j, nr_args = 8;
30 + int j, nr_args = 6;
31
32 if (username) nr_args += 2; /* For -l username */
33 if (no_tty) nr_args += 5; /* For -T -o BatchMode=yes -e none */
34 + if (port) nr_args += 2; /* For -p port */
35
36 command = command ? : strdup ("ssh");
37 if (command == NULL)
38 goto out_of_memory;
39
40 // Generate the final command argv[] array.
41 - // ssh -p $port [-l $username] $hostname $netcat -U $sockname [NULL]
42 + // ssh [-p $port] [-l $username] $hostname $netcat -U $sockname [NULL]
43 if (VIR_ALLOC_N(cmd_argv, nr_args) < 0)
44 goto out_of_memory;
45
46 j = 0;
47 cmd_argv[j++] = strdup (command);
48 - cmd_argv[j++] = strdup ("-p");
49 - cmd_argv[j++] = strdup (port);
50 + if (port) {
51 + cmd_argv[j++] = strdup ("-p");
52 + cmd_argv[j++] = strdup (port);
53 + }
54 if (username) {
55 cmd_argv[j++] = strdup ("-l");
56 cmd_argv[j++] = strdup (username);
57 --