[libvirt] [PATCH 1/3] admin: reject clients unless their UID matches the current UID
Daniel P. Berrangé
berrange at redhat.com
Tue May 21 12:06:25 UTC 2019
The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.
Fixes CVE-2019-10132
Reviewed-by: Ján Tomko <jtomko at redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
index 85e693d76c..6e3b99f97d 100644
--- a/src/admin/admin_server_dispatch.c
+++ b/src/admin/admin_server_dispatch.c
@@ -64,6 +64,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
void *opaque)
{
struct daemonAdmClientPrivate *priv;
+ uid_t clientuid;
+ gid_t clientgid;
+ pid_t clientpid;
+ unsigned long long timestamp;
+
+ if (virNetServerClientGetUNIXIdentity(client,
+ &clientuid,
+ &clientgid,
+ &clientpid,
+ ×tamp) < 0)
+ return NULL;
+
+ VIR_DEBUG("New client pid %lld uid %lld",
+ (long long)clientpid,
+ (long long)clientuid);
+
+ if (geteuid() != clientuid) {
+ virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
+ (long long)clientpid,
+ (long long)clientuid);
+ return NULL;
+ }
if (VIR_ALLOC(priv) < 0)
return NULL;
--
2.21.0
More information about the libvir-list
mailing list