Skip to content
Snippets Groups Projects
Commit 470d6f55 authored by Jano Tomko's avatar Jano Tomko
Browse files

api: disallow virDomainSaveImageGetXMLDesc on read-only connections 


The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: default avatarMatthias Gerstner <mgerstner@suse.de>
Signed-off-by: default avatarJán Tomko <jtomko@redhat.com>
Reviewed-by: default avatarDaniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit aed6a032)
Signed-off-by: default avatarJán Tomko <jtomko@redhat.com>

Conflicts:
  src/libvirt-domain.c
  src/remote/remote_protocol.x

Upstream commit 12a51f37 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
alias for VIR_DOMAIN_XML_SECURE is not backported.
Just skip the commit since we now disallow the whole API on read-only
connections, regardless of the flag.

Signed-off-by: default avatarJán Tomko <jtomko@redhat.com>
parent 7040c65e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment