Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
The virConnectDomainXMLToNative API should require 'connect:write' not 'connect:read', since it will trigger execution of the QEMU binaries listed in the XML. Also make virConnectDomainXMLFromNative API require a full read-write connection and 'connect:write' permission. Although the current impl doesn't trigger execution of QEMU, we should not rely on that impl detail from an API permissioning POV. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 57687fd6)
Showing
想要评论请 注册 或 登录