62 lines
2.2 KiB
Diff
62 lines
2.2 KiB
Diff
From 3eaa16967f0546c5d1596bb6c36767cbe01040b9 Mon Sep 17 00:00:00 2001
|
|
Message-Id: <3eaa16967f0546c5d1596bb6c36767cbe01040b9@dist-git>
|
|
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
|
Date: Wed, 15 May 2019 21:40:56 +0100
|
|
Subject: [PATCH] admin: reject clients unless their UID matches the current
|
|
UID
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
The admin protocol RPC messages are only intended for use by the user
|
|
running the daemon. As such they should not be allowed for any client
|
|
UID that does not match the server UID.
|
|
|
|
Fixes CVE-2019-10132
|
|
|
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
|
|
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
|
|
Message-Id: <20190515204058.28077-2-berrange@redhat.com>
|
|
---
|
|
src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
|
|
1 file changed, 22 insertions(+)
|
|
|
|
diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
|
|
index b78ff902c0..9f25813ae3 100644
|
|
--- a/src/admin/admin_server_dispatch.c
|
|
+++ b/src/admin/admin_server_dispatch.c
|
|
@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
|
|
void *opaque)
|
|
{
|
|
struct daemonAdmClientPrivate *priv;
|
|
+ uid_t clientuid;
|
|
+ gid_t clientgid;
|
|
+ pid_t clientpid;
|
|
+ unsigned long long timestamp;
|
|
+
|
|
+ if (virNetServerClientGetUNIXIdentity(client,
|
|
+ &clientuid,
|
|
+ &clientgid,
|
|
+ &clientpid,
|
|
+ ×tamp) < 0)
|
|
+ return NULL;
|
|
+
|
|
+ VIR_DEBUG("New client pid %lld uid %lld",
|
|
+ (long long)clientpid,
|
|
+ (long long)clientuid);
|
|
+
|
|
+ if (geteuid() != clientuid) {
|
|
+ virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
|
|
+ (long long)clientpid,
|
|
+ (long long)clientuid);
|
|
+ return NULL;
|
|
+ }
|
|
|
|
if (VIR_ALLOC(priv) < 0)
|
|
return NULL;
|
|
--
|
|
2.22.0
|
|
|