To: libvir-list@redhat.com
From: Simon Arlott
Subject: [PATCH] virt-aa-helper: disallow graphics socket read permissions
Message-ID: <361bdcf9-7954-e1d8-017f-9beabb0bdb7d@0882a8b5-c6c3-11e9-b005-00805fc181fe>
Date: Thu, 28 May 2020 10:31:52 +0100

The VM does not need read permission for its own sockets to create(),
bind(), accept() connections or to recv(), send(), etc. on connections.

This was fixed in ab9569e5460d1e4737fe8b625c67687dc2204665 (virt-aa-helper:
disallow VNC socket read permissions), but then
b6465e1aa49397367a9cd0f27110b9c2280a7385 (graphics: introduce new listen
type 'socket') and acc83afe333bfadd3f7f79091d38ca3d7da1eeb2
(acc83afe333bfadd3f7f79091d38ca3d7da1eeb2) reverted it.

Unless the read permission is omitted, VMs can connect to each other's
VNC/graphics sockets.

Signed-off-by: Simon Arlott
---
 src/security/virt-aa-helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 6e6dd1b1db..fddbdafc41 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1053,7 +1053,7 @@ get_files(vahControl * ctl) =20 if (listenObj.type =3D=3D VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_SOCK= ET && listenObj.socket && - vah_add_file(&buf, listenObj.socket, "rw")) + vah_add_file(&buf, listenObj.socket, "w")) goto cleanup; } } --=20 2.17.1 --=20 Simon Arlott
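Review bot: the commit message says this same "rw" to "w" tightening was already made once (ab9569e5) and then undone by two later commits, yet the hunk ships with no regression test; add a virt-aa-helper test case with a graphics listen of type socket and an explicit socket path that asserts the generated profile grants that path "w" and not "rw", so a third reintroduction is caught at review time rather than in production. Also worth a sentence in the commit message: the unchanged guard `listenObj.socket &&` on the line above means this branch emits no rule at all when no explicit socket path is configured, so the change only tightens explicitly configured paths, and it should be stated where an auto-generated socket path gets its rule.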
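As an added check that is not part of this patch or of libvirt itself: a small Python audit over the per-domain `.files` profile that virt-aa-helper generates, classifying each graphics listen socket path by the permission it was granted. It flags the pre-patch state (a socket path granted "rw") and the case the hunk's guard leaves untouched (a socket path with no rule at all). The rule shape (`"path" perms,`), the sample profile text and the socket paths are assumptions constructed for illustration, not captured from a real host.

```python
import re
from typing import Dict, List

# Assumed shape of one rule in a virt-aa-helper generated libvirt-<uuid>.files
# profile: indentation, a double-quoted path, AppArmor file permissions, a comma.
RULE_RE = re.compile(r'^\s*"(?P<path>[^"]+)"\s+(?P<perms>[A-Za-z]+)\s*,\s*$')

# Constructed sample profile for illustration; not captured from a real host.
SAMPLE_PROFILE = """\
  "/var/lib/libvirt/images/vm1.qcow2" rwk,
  "/var/lib/libvirt/qemu/domain-1-vm1/vnc.sock" rw,
  "/var/lib/libvirt/qemu/domain-1-vm1/monitor.sock" rw,
  "/run/libvirt/qemu/vm1-spice.sock" w,
"""


def parse_rules(profile: str) -> Dict[str, str]:
    """Map each quoted path in the profile to the permission string it is granted."""
    rules: Dict[str, str] = {}
    for line in profile.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules[m.group("path")] = m.group("perms")
    return rules


def audit_graphics_sockets(profile: str, socket_paths: List[str]) -> Dict[str, str]:
    """Classify every graphics listen socket path as one of:
       'ok'           - rule present and write-only (what the patched helper emits)
       'read-granted' - rule present but includes 'r' (the pre-patch "rw")
       'missing'      - no rule for the path at all (e.g. a socket path that
                        never reached vah_add_file because listenObj.socket was unset)
    """
    rules = parse_rules(profile)
    report: Dict[str, str] = {}
    for path in socket_paths:
        perms = rules.get(path)
        if perms is None:
            report[path] = "missing"
        elif "r" in perms:
            report[path] = "read-granted"
        else:
            report[path] = "ok"
    return report


if __name__ == "__main__":
    # In practice the socket paths come from the domain XML
    # <graphics><listen type='socket' socket='...'/></graphics>; these are made up.
    sockets = [
        "/var/lib/libvirt/qemu/domain-1-vm1/vnc.sock",
        "/run/libvirt/qemu/vm1-spice.sock",
        "/run/libvirt/qemu/vm1-auto.sock",
    ]
    for path, verdict in audit_graphics_sockets(SAMPLE_PROFILE, sockets).items():
        print(f"{verdict:13s} {path}")
```

Run it against the real `/etc/apparmor.d/libvirt/libvirt-<uuid>.files` of a domain with the socket paths from its XML; any `read-granted` entry means the host still carries the pre-patch rule, and a `missing` entry means the socket is not covered by this branch of get_files() at all and needs to be traced separately.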