Codebase list libvirt / 6bc6e60
CVE-2019-10132: Fix vir{lock,log}d socket access All patches were cherry-picked from upstream's v5.0-maint branch. Closes: #929334 Guido Günther 4 years ago
4 changed file(s) with 150 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
+53
-0
debian/patches/security/admin-reject-clients-unless-their-UID-matches-the-current.patch less more
0 From: =?utf-8?b?IkRhbmllbCBQLiBCZXJyYW5nw6ki?= <berrange@redhat.com>
1 Date: Tue, 30 Apr 2019 17:26:13 +0100
2 Subject: admin: reject clients unless their UID matches the current UID
3 MIME-Version: 1.0
4 Content-Type: text/plain; charset="utf-8"
5 Content-Transfer-Encoding: 8bit
6
7 The admin protocol RPC messages are only intended for use by the user
8 running the daemon. As such they should not be allowed for any client
9 UID that does not match the server UID.
10
11 Fixes CVE-2019-10132
12
13 Reviewed-by: Ján Tomko <jtomko@redhat.com>
14 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
15 (cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
16 ---
17 src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
18 1 file changed, 22 insertions(+)
19
20 diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
21 index 85e693d..6e3b99f 100644
22 --- a/src/admin/admin_server_dispatch.c
23 +++ b/src/admin/admin_server_dispatch.c
24 @@ -64,6 +64,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
25 void *opaque)
26 {
27 struct daemonAdmClientPrivate *priv;
28 + uid_t clientuid;
29 + gid_t clientgid;
30 + pid_t clientpid;
31 + unsigned long long timestamp;
32 +
33 + if (virNetServerClientGetUNIXIdentity(client,
34 + &clientuid,
35 + &clientgid,
36 + &clientpid,
37 + &timestamp) < 0)
38 + return NULL;
39 +
40 + VIR_DEBUG("New client pid %lld uid %lld",
41 + (long long)clientpid,
42 + (long long)clientuid);
43 +
44 + if (geteuid() != clientuid) {
45 + virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
46 + (long long)clientpid,
47 + (long long)clientuid);
48 + return NULL;
49 + }
50
51 if (VIR_ALLOC(priv) < 0)
52 return NULL;
+47
-0
debian/patches/security/locking-restrict-sockets-to-mode-0600.patch less more
0 From: =?utf-8?b?IkRhbmllbCBQLiBCZXJyYW5nw6ki?= <berrange@redhat.com>
1 Date: Tue, 30 Apr 2019 16:51:37 +0100
2 Subject: locking: restrict sockets to mode 0600
3 MIME-Version: 1.0
4 Content-Type: text/plain; charset="utf-8"
5 Content-Transfer-Encoding: 8bit
6
7 The virtlockd daemon's only intended client is the libvirtd daemon. As
8 such it should never allow clients from other user accounts to connect.
9 The code already enforces this and drops clients from other UIDs, but
10 we can get earlier (and thus stronger) protection against DoS by setting
11 the socket permissions to 0600
12
13 Fixes CVE-2019-10132
14
15 Reviewed-by: Ján Tomko <jtomko@redhat.com>
16 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
17 (cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1)
18 ---
19 src/locking/virtlockd-admin.socket.in | 1 +
20 src/locking/virtlockd.socket.in | 1 +
21 2 files changed, 2 insertions(+)
22
23 diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
24 index 2a7500f..f674c49 100644
25 --- a/src/locking/virtlockd-admin.socket.in
26 +++ b/src/locking/virtlockd-admin.socket.in
27 @@ -5,6 +5,7 @@ Before=libvirtd.service
28 [Socket]
29 ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
30 Service=virtlockd.service
31 +SocketMode=0600
32
33 [Install]
34 WantedBy=sockets.target
35 diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
36 index 45e0f20..d701b27 100644
37 --- a/src/locking/virtlockd.socket.in
38 +++ b/src/locking/virtlockd.socket.in
39 @@ -4,6 +4,7 @@ Before=libvirtd.service
40
41 [Socket]
42 ListenStream=@localstatedir@/run/libvirt/virtlockd-sock
43 +SocketMode=0600
44
45 [Install]
46 WantedBy=sockets.target
+47
-0
debian/patches/security/logging-restrict-sockets-to-mode-0600.patch less more
0 From: =?utf-8?b?IkRhbmllbCBQLiBCZXJyYW5nw6ki?= <berrange@redhat.com>
1 Date: Tue, 30 Apr 2019 17:27:41 +0100
2 Subject: logging: restrict sockets to mode 0600
3 MIME-Version: 1.0
4 Content-Type: text/plain; charset="utf-8"
5 Content-Transfer-Encoding: 8bit
6
7 The virtlogd daemon's only intended client is the libvirtd daemon. As
8 such it should never allow clients from other user accounts to connect.
9 The code already enforces this and drops clients from other UIDs, but
10 we can get earlier (and thus stronger) protection against DoS by setting
11 the socket permissions to 0600
12
13 Fixes CVE-2019-10132
14
15 Reviewed-by: Ján Tomko <jtomko@redhat.com>
16 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
17 (cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f)
18 ---
19 src/logging/virtlogd-admin.socket.in | 1 +
20 src/logging/virtlogd.socket.in | 1 +
21 2 files changed, 2 insertions(+)
22
23 diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in
24 index 595e6c4..5c41dfe 100644
25 --- a/src/logging/virtlogd-admin.socket.in
26 +++ b/src/logging/virtlogd-admin.socket.in
27 @@ -5,6 +5,7 @@ Before=libvirtd.service
28 [Socket]
29 ListenStream=@localstatedir@/run/libvirt/virtlogd-admin-sock
30 Service=virtlogd.service
31 +SocketMode=0600
32
33 [Install]
34 WantedBy=sockets.target
35 diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in
36 index 22b9360..ae48cda 100644
37 --- a/src/logging/virtlogd.socket.in
38 +++ b/src/logging/virtlogd.socket.in
39 @@ -4,6 +4,7 @@ Before=libvirtd.service
40
41 [Socket]
42 ListenStream=@localstatedir@/run/libvirt/virtlogd-sock
43 +SocketMode=0600
44
45 [Install]
46 WantedBy=sockets.target
+3
-0
debian/patches/series less more
2121 api-disallow-virDomainGetHostname-for-read-only-connectio.patch
2222 remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
2323 cpu_map-Define-md-clear-CPUID-bit.patch
24 security/admin-reject-clients-unless-their-UID-matches-the-current.patch
25 security/locking-restrict-sockets-to-mode-0600.patch
26 security/logging-restrict-sockets-to-mode-0600.patch