[Libguestfs] [PATCH] libvirt: disallow non-local connections (RHBZ#1347830)
Richard W.M. Jones
rjones at redhat.com
Thu Jun 29 11:17:02 UTC 2017
On Wed, Jun 28, 2017 at 10:33:48AM +0200, Pino Toscano wrote:
> On Tuesday, 27 June 2017 22:56:25 CEST Richard W.M. Jones wrote:
> >
> > Not that I'm opposed to this patch, but there's a bit of history here:
> >
> > https://www.redhat.com/archives/libguestfs/2012-December/msg00120.html
>
> Hm it doesn't say much more about that though, and the solution I
> implemented is even less strict than what Dan suggested back then.
>
> > I think it would be good for libvirt to address the "is remote" issue,
> > which libvirt is (in theory) in the best place to address, eg by
> > comparing systemd /etc/machine-id on both systems.
>
> I took the approach from what virt-manager does, i.e. consider local
> connections whose URI has an empty hostname.
Right, but ::1 and 127.0.0.1 etc are non-empty hostnames which refer
to the local machine. I really think if we're going to add a check we
should add a correct check, and the only way to do this properly is in
libvirt.
> OTOH, currently in libvirt there is still no reliable way to detect
> whether some connection is local: the internal calculation of the UUID
> for the capabilities may use files and tools which can be read and run
> by root only, so the output on the same host changes depending on the
> user.
Can't we get libvirt to export the machine ID in capabilities?
There is already a //host/uuid field, but as you point out it
is different for different users (WTF?)
> > Then we could use that to deny remote URIs, but probably we wouldn't
> > want to deny it completely, but allow a way for callers to bypass the
> > check if they know better.
>
> That could be a good idea, how would you expect this bypass to look
> like?
I'm not sure. An extra parameter passed in .query_raw I suppose.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
More information about the Libguestfs
mailing list