[libvirt] [PATCH] schema: Relax schema for domain name

Peter Krempa pkrempa at redhat.com
Wed Jan 25 15:18:53 UTC 2012


On 01/23/2012 07:09 PM, Daniel P. Berrange wrote:
> On Mon, Jan 23, 2012 at 06:53:17PM +0100, Peter Krempa wrote:
>> The domain schema enforced restrictions on the domain name string that
>> the code doesn't. This patch relaxes the check, leaving the restrictions
>> on the driver or hypervisor.
>> ---
>> And maybe we should consider adding some restrictions on the qemu driver, as the daemon
>> is completely fine with creating a domain with the name "../../../../../../../test" that
>> has its configuration stored in "/test.xml" then.
>
> I don't think we should remove the pattern entirely. If we want a more
> general pattern though, we could do an 'allow all', and blacklist
> just '/' and perhaps a few other characters.

Well, slash is one of those symbols that some hypervisors happily take 
as a valid domain name without screwing up their config files. I think 
we should blacklist only the newline and let the hypervisor decide what 
they accept and what not.

Peter

>
> I think we should also fix the drivers to check this, since once we
> have stricter access control support in libvirt, the kind of issue
> you describe with QEMU will be classed as a CVE security exploit.
>
>
> Daniel
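
The driver-side check discussed in this thread, sketched for a driver that stores each domain's configuration as `<configdir>/<name>.xml`. This is an added example, not part of the original messages and not libvirt code: the function names and the `/srv/example-config` directory are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a libvirt function: returns 1 if `name` can be
 * used as a single file-name component, 0 otherwise. */
static int domain_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    /* "." and ".." name directories, never a config file. */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    /* '/' lets the name leave the config directory; '\n' is the character
     * the reply above proposes blacklisting in the schema. */
    if (strpbrk(name, "/\n") != NULL)
        return 0;
    return 1;
}

/* Hypothetical helper: writes "<configdir>/<name>.xml" into buf.
 * Returns 0 on success, -1 if the name is rejected or buf is too small. */
static int domain_config_path(const char *configdir, const char *name,
                              char *buf, size_t buflen)
{
    int n;

    if (!domain_name_is_safe(name))
        return -1;
    n = snprintf(buf, buflen, "%s/%s.xml", configdir, name);
    if (n < 0 || (size_t)n >= buflen)
        return -1;  /* a truncated path must not be used */
    return 0;
}

int main(void)
{
    /* Constructed sample names; the second is the one quoted in the thread. */
    const char *names[] = { "test", "../../../../../../../test", "a\nb", ".." };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        if (domain_config_path("/srv/example-config", names[i], path, sizeof(path)) == 0)
            printf("accepted: %s\n", path);
        else
            printf("rejected name %zu\n", i);
    }
    return 0;
}
```

The check lives in the driver rather than the schema, so a hypervisor that handles slashes in names safely is not affected by it.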



