[libvirt] [PATCH 0/3] Fix access controls for virtlockd/virtlogd sockets

Daniel P. Berrangé posted 3 patches 4 years, 10 months ago
Test syntax-check passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20190521120626.24403-1-berrange@redhat.com
src/admin/admin_server_dispatch.c     | 22 ++++++++++++++++++++++
src/locking/virtlockd-admin.socket.in |  1 +
src/locking/virtlockd.socket.in       |  1 +
src/logging/virtlogd-admin.socket.in  |  1 +
src/logging/virtlogd.socket.in        |  1 +
5 files changed, 26 insertions(+)
[libvirt] [PATCH 0/3] Fix access controls for virtlockd/virtlogd sockets
Posted by Daniel P. Berrangé 4 years, 10 months ago
This series fixes CVE-2019-10132

It is pushed to master as it was reviewed on the security list
ahead of time.

Daniel P. Berrangé (3):
  admin: reject clients unless their UID matches the current UID
  locking: restrict sockets to mode 0600
  logging: restrict sockets to mode 0600

 src/admin/admin_server_dispatch.c     | 22 ++++++++++++++++++++++
 src/locking/virtlockd-admin.socket.in |  1 +
 src/locking/virtlockd.socket.in       |  1 +
 src/logging/virtlogd-admin.socket.in  |  1 +
 src/logging/virtlogd.socket.in        |  1 +
 5 files changed, 26 insertions(+)

-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list