[libvirt] [PATCH] Introduce virConnectCrashDaemon API

Martin Kletzander mkletzan at redhat.com
Tue Apr 1 09:29:08 UTC 2014


On Tue, Apr 01, 2014 at 09:44:16AM +0200, Peter Krempa wrote:
>On 04/01/14 09:34, Ján Tomko wrote:
>> This reduces the effect of an unexpected DoS vulnerability in libvirtd.
>> ---
>>  include/libvirt/libvirt.h.in | 13 +++++++++++++
>>  src/driver.h                 |  5 +++++
>>  src/libvirt.c                | 32 +++++++++++++++++++++++++++++++
>>  src/libvirt_private.syms     |  1 +
>>  src/libvirt_public.syms      |  4 ++++
>>  src/qemu/qemu_driver.c       | 16 ++++++++++++++++
>>  src/remote/remote_driver.c   |  1 +
>>  src/remote/remote_protocol.x | 15 ++++++++++++++-
>>  src/util/virutil.c           | 23 ++++++++++++++++++++++
>>  src/util/virutil.h           |  1 +
>>  tools/virsh-host.c           | 45 ++++++++++++++++++++++++++++++++++++++++++++
>>  11 files changed, 155 insertions(+), 1 deletion(-)
>>
>
>...
>
>> +
>> +static bool
>> +cmdCrash(vshControl *ctl, const vshCmd *cmd ATTRIBUTE_UNUSED)
>> +{
>> +    unsigned int flags = VIR_CONNECT_CRASH_RANDOM;
>> +
>> +    if (vshCommandOptBool(cmd, "null"))
>> +        flags = VIR_CONNECT_CRASH_NULL_PTR;
>> +    if (vshCommandOptBool(cmd, "doublefree"))
>> +        flags = VIR_CONNECT_CRASH_DOUBLE_FREE;
>
>The random crash method is not accessible here.
>
>> +
>> +    virConnectCrashDaemon(ctl->conn, flags);
>> +    return true;
>> +}
>> +
>>  const vshCmdDef hostAndHypervisorCmds[] = {
>>      {.name = "capabilities",
>>       .handler = cmdCapabilities,
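Review bot: In cmdCrash(), the cmd parameter is annotated ATTRIBUTE_UNUSED but is passed to vshCommandOptBool() twice, so the annotation is wrong and should be dropped. The result of virConnectCrashDaemon(ctl->conn, flags) is also discarded and the handler returns true unconditionally, so a failed or rejected call would be reported to the user as success; check the return value and return false on error. Finally, the two option checks are independent if statements, so passing both "null" and "doublefree" silently selects the second; either reject the combination or document the precedence.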
>
>I really like this API, this will allow us to decrease load on the
>libvirt-security list and avoid us having to go through the tedious CVE
>process for every little crasher.
>
>Additionally it will help attackers to avoid having to look through
>complex code paths to crash the daemon by presenting them with a very
>user-friendly API!
>

Unfortunately, this is not true if the daemon does not have a qemu
driver since it is implemented only in there.  This should rather be a
method in daemon/remote.c which would make it available in the daemon
without any particular driver.

Also, this should have @priority: high; not specifying the priority
makes it default to low, which you really don't want since it would
not be available if no priority workers are available.

Looking forward to v2 (in one year, is it?) :-)

Martin

>ACK if you support the random crash method too ;)
>
>Peter
>


