• D
    Don't link virt-login-shell against libvirt.so (CVE-2013-4400) · 062ad8b2
    Daniel P. Berrange 提交于
    The libvirt.so library has far too many library deps to allow
    linking against it from setuid programs. Those libraries can
    do stuff in __attribute__((constructor) functions which is
    not setuid safe.
    
    The virt-login-shell needs to link directly against individual
    files that it uses, with all library deps turned off except
    for libxml2 and libselinux.
    
    Create a libvirt-setuid-rpc-client.la library which is linked
    to by virt-login-shell. A config-post.h file allows this library
    to disable all external deps except libselinux and libxml2.
    Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
    (cherry picked from commit 3e2f27e1)
    062ad8b2
Makefile.am 3.9 KB