[libvirt] [PATCH] security: provide supplemental groups even when parsing label (CVE-2013-4291)
Eric Blake
eblake at redhat.com
Thu Aug 29 15:03:52 UTC 2013
On 08/29/2013 08:53 AM, Daniel P. Berrange wrote:
> On Thu, Aug 29, 2013 at 08:47:11AM -0600, Eric Blake wrote:
>> Commit 29fe5d7 (released in 1.1.1) introduced a latent problem
>> for any caller of virSecurityManagerSetProcessLabel and where
>> the domain already had a uid:gid label to be parsed. Such a
>> setup would collect the list of supplementary groups during
>> virSecurityManagerPreFork, but then ignores that information,
>> and thus fails to call setgroups() to adjust the supplementary
>> groups of the process.
>>
> ACK
Thanks; pushed to master and v0.10.2-maint.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130829/dc38b22a/attachment-0001.sig>
More information about the libvir-list
mailing list