From 759b4d1b0fe5f4d84d98b99153dfa7ac289dd167 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Sat, 27 Jan 2018 23:43:58 +0100 Subject: [PATCH] virlog: determine the hostname on startup CVE-2018-6764 At later point it might not be possible or even safe to use getaddrinfo(). It can in turn result in a load of NSS module. Notably, on a LXC container startup we may find ourselves with the guest filesystem already having replaced the host one. Loading a NSS module from the guest tree would allow a malicous guest to escape the confinement of its container environment because libvirt will not yet have locked it down. --- src/util/virlog.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/util/virlog.c b/src/util/virlog.c index 68439b9194..9105337ce6 100644 --- a/src/util/virlog.c +++ b/src/util/virlog.c @@ -64,6 +64,7 @@ VIR_LOG_INIT("util.log"); static regex_t *virLogRegex; +static char *virLogHostname; #define VIR_LOG_DATE_REGEX "[0-9]{4}-[0-9]{2}-[0-9]{2}" @@ -271,6 +272,12 @@ virLogOnceInit(void) VIR_FREE(virLogRegex); } + /* We get and remember the hostname early, because at later time + * it might not be possible to load NSS modules via getaddrinfo() + * (e.g. at container startup the host filesystem will not be + * accessible anymore. */ + virLogHostname = virGetHostnameQuiet(); + virLogUnlock(); return 0; } @@ -466,17 +473,14 @@ static int virLogHostnameString(char **rawmsg, char **msg) { - char *hostname = virGetHostnameQuiet(); char *hoststr; - if (!hostname) + if (!virLogHostname) return -1; - if (virAsprintfQuiet(&hoststr, "hostname: %s", hostname) < 0) { - VIR_FREE(hostname); + if (virAsprintfQuiet(&hoststr, "hostname: %s", virLogHostname) < 0) { return -1; } - VIR_FREE(hostname); if (virLogFormatString(msg, 0, NULL, VIR_LOG_INFO, hoststr) < 0) { VIR_FREE(hoststr); -- GitLab