• D
    Don't link virt-login-shell against libvirt.so (CVE-2013-4400) · 31a3086d
    Daniel P. Berrange 提交于
    The libvirt.so library has far too many library deps to allow
    linking against it from setuid programs. Those libraries can
    do stuff in __attribute__((constructor) functions which is
    not setuid safe.
    
    The virt-login-shell needs to link directly against individual
    files that it uses, with all library deps turned off except
    for libxml2 and libselinux.
    
    Create a libvirt-setuid-rpc-client.la library which is linked
    to by virt-login-shell. A config-post.h file allows this library
    to disable all external deps except libselinux and libxml2.
    Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
    (cherry picked from commit 3e2f27e1)
    31a3086d
Makefile.am 3.9 KB
新手
引导
客服 返回
顶部