Skip to content
Snippets Groups Projects
Commit 7d3b95b0 authored by Jano Tomko's avatar Jano Tomko
Browse files

api: disallow virConnectGetDomainCapabilities on read-only connections 


This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: default avatarJán Tomko <jtomko@redhat.com>
Reviewed-by: default avatarDaniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8afa68ba)
Signed-off-by: default avatarJán Tomko <jtomko@redhat.com>
parent 4e16e7a3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment