提交 8c3586ea 编写于 作者: D Daniel P. Berrange

Only allow 'stderr' log output when running setuid (CVE-2013-4400)

We must not allow file/syslog/journald log outputs when running
setuid since they can be abused to do bad things. In particular
the 'file' output can be used to overwrite files.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
上级 ae53e5d1
......@@ -1324,6 +1324,9 @@ int virLogPriorityFromSyslog(int priority ATTRIBUTE_UNUSED)
* Multiple output can be defined in a single @output, they just need to be
* separated by spaces.
*
* If running in setuid mode, then only the 'stderr' output will
* be allowed
*
* Returns the number of output parsed and installed or -1 in case of error
*/
int
......@@ -1335,6 +1338,7 @@ virLogParseOutputs(const char *outputs)
virLogPriority prio;
int ret = -1;
int count = 0;
bool isSUID = virIsSUID();
if (cur == NULL)
return -1;
......@@ -1354,6 +1358,8 @@ virLogParseOutputs(const char *outputs)
if (virLogAddOutputToStderr(prio) == 0)
count++;
} else if (STREQLEN(cur, "syslog", 6)) {
if (isSUID)
goto cleanup;
cur += 6;
if (*cur != ':')
goto cleanup;
......@@ -1371,6 +1377,8 @@ virLogParseOutputs(const char *outputs)
VIR_FREE(name);
#endif /* HAVE_SYSLOG_H */
} else if (STREQLEN(cur, "file", 4)) {
if (isSUID)
goto cleanup;
cur += 4;
if (*cur != ':')
goto cleanup;
......@@ -1391,6 +1399,8 @@ virLogParseOutputs(const char *outputs)
VIR_FREE(name);
VIR_FREE(abspath);
} else if (STREQLEN(cur, "journald", 8)) {
if (isSUID)
goto cleanup;
cur += 8;
#if USE_JOURNALD
if (virLogAddOutputToJournald(prio) == 0)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册