|
0 |
From: Lubomir Rintel <lkundrak@v3.sk>
|
|
1 |
Date: Sat, 27 Jan 2018 23:43:58 +0100
|
|
2 |
Subject: virlog: determine the hostname on startup CVE-2018-6764
|
|
3 |
|
|
4 |
At later point it might not be possible or even safe to use getaddrinfo(). It
|
|
5 |
can in turn result in a load of NSS module.
|
|
6 |
|
|
7 |
Notably, on a LXC container startup we may find ourselves with the guest
|
|
8 |
filesystem already having replaced the host one. Loading a NSS module
|
|
9 |
from the guest tree would allow a malicous guest to escape the
|
|
10 |
confinement of its container environment because libvirt will not yet
|
|
11 |
have locked it down.
|
|
12 |
---
|
|
13 |
src/util/virlog.c | 14 +++++++++-----
|
|
14 |
1 file changed, 9 insertions(+), 5 deletions(-)
|
|
15 |
|
|
16 |
diff --git a/src/util/virlog.c b/src/util/virlog.c
|
|
17 |
index 68439b9..9105337 100644
|
|
18 |
--- a/src/util/virlog.c
|
|
19 |
+++ b/src/util/virlog.c
|
|
20 |
@@ -64,6 +64,7 @@
|
|
21 |
VIR_LOG_INIT("util.log");
|
|
22 |
|
|
23 |
static regex_t *virLogRegex;
|
|
24 |
+static char *virLogHostname;
|
|
25 |
|
|
26 |
|
|
27 |
#define VIR_LOG_DATE_REGEX "[0-9]{4}-[0-9]{2}-[0-9]{2}"
|
|
28 |
@@ -271,6 +272,12 @@ virLogOnceInit(void)
|
|
29 |
VIR_FREE(virLogRegex);
|
|
30 |
}
|
|
31 |
|
|
32 |
+ /* We get and remember the hostname early, because at later time
|
|
33 |
+ * it might not be possible to load NSS modules via getaddrinfo()
|
|
34 |
+ * (e.g. at container startup the host filesystem will not be
|
|
35 |
+ * accessible anymore. */
|
|
36 |
+ virLogHostname = virGetHostnameQuiet();
|
|
37 |
+
|
|
38 |
virLogUnlock();
|
|
39 |
return 0;
|
|
40 |
}
|
|
41 |
@@ -466,17 +473,14 @@ static int
|
|
42 |
virLogHostnameString(char **rawmsg,
|
|
43 |
char **msg)
|
|
44 |
{
|
|
45 |
- char *hostname = virGetHostnameQuiet();
|
|
46 |
char *hoststr;
|
|
47 |
|
|
48 |
- if (!hostname)
|
|
49 |
+ if (!virLogHostname)
|
|
50 |
return -1;
|
|
51 |
|
|
52 |
- if (virAsprintfQuiet(&hoststr, "hostname: %s", hostname) < 0) {
|
|
53 |
- VIR_FREE(hostname);
|
|
54 |
+ if (virAsprintfQuiet(&hoststr, "hostname: %s", virLogHostname) < 0) {
|
|
55 |
return -1;
|
|
56 |
}
|
|
57 |
- VIR_FREE(hostname);
|
|
58 |
|
|
59 |
if (virLogFormatString(msg, 0, NULL, VIR_LOG_INFO, hoststr) < 0) {
|
|
60 |
VIR_FREE(hoststr);
|