From nobody Thu May  2 05:08:29 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1561032127; cv=none;
	d=zoho.com; s=zohoarc;
	b=UfftEnBfKQRRzwMARUNlTv44gVgNkOZR+FeSmZGx9zpKB4kAJmdqamdDWfdvGTo2IRRomN1HIvnlEQWQC2Vn/qzftsaDDKCDb1aBwLoFfDniI1sC+1qUqPYSgFUtJLVvpmYZNLdNCX+JdUbkRdcFktdGDH127TF/wNSCSbiqtlc=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1561032127;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results;
	bh=FgzdoJnH0DoD48PSspXQJLSIUC4r28IulVDbz8gFbVk=;
	b=dFqbyBwoFW6M5920EiDOoiSmWmH9Y/zjeMqPPbLeQdKJ4biLiKUcYa2ErzV0bza5pNkcbM2/1djSfRszllBUf8J8ebuVYKVnl1XUX4LCHpu+Tr6emgiDYoym0ZxuLqDHomrbEBl09OcLAbMHm2fcLVG5+U9xdGohwPvqqvDWot0=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<jtomko@redhat.com> (p=none dis=none)
 header.from=<jtomko@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1561032127014906.2313155365227;
 Thu, 20 Jun 2019 05:02:07 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id A2FF1780E4;
	Thu, 20 Jun 2019 12:01:57 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 793681001B3C;
	Thu, 20 Jun 2019 12:01:56 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 14F591806B15;
	Thu, 20 Jun 2019 12:01:54 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x5KC1qPX006796 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 20 Jun 2019 08:01:52 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 1CA0C608D0; Thu, 20 Jun 2019 12:01:52 +0000 (UTC)
Received: from lpt.brq.redhat.com (unknown [10.43.2.1])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 9ACAB60605
	for <libvir-list@redhat.com>; Thu, 20 Jun 2019 12:01:51 +0000 (UTC)
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 20 Jun 2019 14:02:09 +0200
Message-Id: 
 <aed6a032cead4386472afb24b16196579e239580.1561032101.git.jtomko@redhat.com>
In-Reply-To: <cover.1561032101.git.jtomko@redhat.com>
References: <cover.1561032101.git.jtomko@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 1/4] api: disallow virDomainSaveImageGetXMLDesc on
	read-only connections
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]);
 Thu, 20 Jun 2019 12:02:05 +0000 (UTC)

The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: J=C3=A1n Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 src/libvirt-domain.c         | 11 ++---------
 src/qemu/qemu_driver.c       |  2 +-
 src/remote/remote_protocol.x |  3 +--
 3 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 509ce5ac8b..b15726caa9 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -1073,8 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn, const char =
*from, const char *dxml,
  * previously by virDomainSave() or virDomainSaveFlags().
  *
  * No security-sensitive data will be included unless @flags contains
- * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE; this flag is rejected on read-only
- * connections.
+ * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE.
  *
  * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of
  * error.  The caller must free() the returned value.
@@ -1090,13 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectPtr conn, con=
st char *file,
=20
     virCheckConnectReturn(conn, NULL);
     virCheckNonNullArgGoto(file, error);
-
-    if ((conn->flags & VIR_CONNECT_RO) &&
-        (flags & VIR_DOMAIN_SAVE_IMAGE_XML_SECURE)) {
-        virReportError(VIR_ERR_OPERATION_DENIED, "%s",
-                       _("virDomainSaveImageGetXMLDesc with secure flag"));
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
=20
     if (conn->driver->domainSaveImageGetXMLDesc) {
         char *ret;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 2127a5bc3d..40a2aa440f 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7036,7 +7036,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, con=
st char *path,
     if (fd < 0)
         goto cleanup;
=20
-    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
+    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
         goto cleanup;
=20
     ret =3D qemuDomainDefFormatXML(driver, def, flags);
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index d64b494cef..2e45b5cef0 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -5319,8 +5319,7 @@ enum remote_procedure {
     /**
      * @generate: both
      * @priority: high
-     * @acl: domain:read
-     * @acl: domain:read_secure:VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC =3D 235,
=20
--=20
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 05:08:29 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1561032145; cv=none;
	d=zoho.com; s=zohoarc;
	b=iuTQE70LRNl90/G7U7X4RkMuLQx8fstJM44fVa6pai050u66/KWBlUex1bdNXKuTGbcq4aNAy9ogxJBTJ+oYWmlTOToLQWlYmyM6p32gH4LZUK4M+t2jUCR/VWIwThxYS3zQiYmukHppQNMsY2/DPMaLtFufokUd/DC9COBvoQ8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1561032145;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results;
	bh=bOFfXyJ64CqbLeK5Ot0oOOCMrXRjzfiK8pwuY5f6pHQ=;
	b=Seg1Fh8kt3qJ6oxhcOF+dL2eUWeL3BdAsZNl6JvQtpPktATbviuLwNlGFMiOqk1ERjYRVPa8HekBR2qYcYmBInrb4gRZzcCzmTLVwsuPeMyyyfS4O4LPPKLcR/1jC+vPf5C6E36Fk8jWF6y86BVWwVtkPfpB7hDgwgCP73T/tg8=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<jtomko@redhat.com> (p=none dis=none)
 header.from=<jtomko@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1561032145377916.814893008573;
 Thu, 20 Jun 2019 05:02:25 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id A1E19C18B2E5;
	Thu, 20 Jun 2019 12:02:18 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 782D218B06;
	Thu, 20 Jun 2019 12:02:16 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 368501806B16;
	Thu, 20 Jun 2019 12:02:16 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x5KC1qO8006804 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 20 Jun 2019 08:01:52 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id DE9CD60605; Thu, 20 Jun 2019 12:01:52 +0000 (UTC)
Received: from lpt.brq.redhat.com (unknown [10.43.2.1])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 694F860A97
	for <libvir-list@redhat.com>; Thu, 20 Jun 2019 12:01:52 +0000 (UTC)
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 20 Jun 2019 14:02:10 +0200
Message-Id: 
 <db0b78457f183e4c7ac45bc94de86044a1e2056a.1561032102.git.jtomko@redhat.com>
In-Reply-To: <cover.1561032101.git.jtomko@redhat.com>
References: <cover.1561032101.git.jtomko@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 2/4] api: disallow virDomainManagedSaveDefineXML
	on read-only connections
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]);
 Thu, 20 Jun 2019 12:02:24 +0000 (UTC)

The virDomainManagedSaveDefineXML can be used to alter the domain's
config used for managedsave or even execute arbitrary emulator binaries.
Forbid it on read-only connections.

Fixes: CVE-2019-10166
Reported-by: Matthias Gerstner <mgerstner@suse.de>
Signed-off-by: J=C3=A1n Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 src/libvirt-domain.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index b15726caa9..6355f497ce 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -9570,6 +9570,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, co=
nst char *dxml,
=20
     virCheckDomainReturn(domain, -1);
     conn =3D domain->conn;
+    virCheckReadOnlyGoto(conn->flags, error);
=20
     if (conn->driver->domainManagedSaveDefineXML) {
         int ret;
--=20
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 05:08:29 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1561032165; cv=none;
	d=zoho.com; s=zohoarc;
	b=omHpsFxH39z3OO0ghwklxYxMEURyIcGYQgAPauj+t8q694AtgyDamEjYUEEMXWx2poJ9EvLB1J7XWFoVPUHGgZeJaKMHD7aD0aH5LjHmLtP4oYmaTRcN8uNIrgXSY2BMaqkKUnKlK8H7lLm4e+MZ3anzQlZe233aesdvb4d28Xk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1561032165;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results;
	bh=/eSPiFNEUggClsJsgPmgoAKSxfYA07bB+UDV3JpDEa4=;
	b=NnSzykb4ZCy3VO1W2j6vDPUSvqWINwfeV6MEjVzwWW2xcsRtJv8W+sAupYsQIftcifa9TGE3KYpu5+YifhSlv4ELN+0Gh77h6QcbopBG64xZLISvYR/vGWv0cog1hjjSNltzZI92sH15QcgtbAcrkPfyMagApEO6McRMXoauySM=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<jtomko@redhat.com> (p=none dis=none)
 header.from=<jtomko@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1561032165275618.2733044634645;
 Thu, 20 Jun 2019 05:02:45 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id BC74D30A079C;
	Thu, 20 Jun 2019 12:02:34 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 8A6771001E69;
	Thu, 20 Jun 2019 12:02:32 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4E90E206D2;
	Thu, 20 Jun 2019 12:02:31 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x5KC1rYX006811 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 20 Jun 2019 08:01:53 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id AD1BF608D0; Thu, 20 Jun 2019 12:01:53 +0000 (UTC)
Received: from lpt.brq.redhat.com (unknown [10.43.2.1])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 3700B60A97
	for <libvir-list@redhat.com>; Thu, 20 Jun 2019 12:01:53 +0000 (UTC)
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 20 Jun 2019 14:02:11 +0200
Message-Id: 
 <8afa68bac0cf99d1f8aaa6566685c43c22622f26.1561032102.git.jtomko@redhat.com>
In-Reply-To: <cover.1561032101.git.jtomko@redhat.com>
References: <cover.1561032101.git.jtomko@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 3/4] api: disallow virConnectGetDomainCapabilities
	on read-only connections
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]);
 Thu, 20 Jun 2019 12:02:35 +0000 (UTC)

This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: J=C3=A1n Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 src/libvirt-domain.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 6355f497ce..50767a75ed 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -11367,6 +11367,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn,
     virResetLastError();
=20
     virCheckConnectReturn(conn, NULL);
+    virCheckReadOnlyGoto(conn->flags, error);
=20
     if (conn->driver->connectGetDomainCapabilities) {
         char *ret;
--=20
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 05:08:29 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1561032157; cv=none;
	d=zoho.com; s=zohoarc;
	b=fCViojjzQtVXAqkpLBd67mh+VPzSrj4++FXLHFnjHvP/lJlaSZCEaA+gvlJGiAL4rxjIrTWIJwNt9R2TnKAf/SfPvMvWpWTYgAJpskHE/y2AL6zh/4FG1aUOxfjSYnKfwdUlWHutQBYB3c7d79a1RfYnu7yEcoUAZ8oeEuSUyfY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1561032157;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results;
	bh=Va9TQ23RzA2GN01iqYotMVCvWdO3mUjEPJdo8HcAj1c=;
	b=dm0MIlgwwXGY/IfTTcFwlnMkJH/DU+Hvjyqu8LDAG79lRmMosBrCI+/QpybwqiYgoJLn2EPBOTAENJjpOsFMuhjBlpOhDgPA8InytWU6eZSS7f76QjZHo33U9jlit10DsjPLKxMoSy5bbPVx6agRUWYPyLMkWjuZrlRN6cIbmGU=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<jtomko@redhat.com> (p=none dis=none)
 header.from=<jtomko@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1561032157899343.8476436396544;
 Thu, 20 Jun 2019 05:02:37 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 54E0530C1CBF;
	Thu, 20 Jun 2019 12:02:26 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 2F23A19C5B;
	Thu, 20 Jun 2019 12:02:25 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3F093206D2;
	Thu, 20 Jun 2019 12:02:24 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x5KC1skR006819 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 20 Jun 2019 08:01:54 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 815AB60605; Thu, 20 Jun 2019 12:01:54 +0000 (UTC)
Received: from lpt.brq.redhat.com (unknown [10.43.2.1])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 0B19560A97
	for <libvir-list@redhat.com>; Thu, 20 Jun 2019 12:01:53 +0000 (UTC)
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 20 Jun 2019 14:02:12 +0200
Message-Id: 
 <bf6c2830b6c338b1f5699b095df36f374777b291.1561032102.git.jtomko@redhat.com>
In-Reply-To: <cover.1561032101.git.jtomko@redhat.com>
References: <cover.1561032101.git.jtomko@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 4/4] api: disallow virConnect*HypervisorCPU on
	read-only connections
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]);
 Thu, 20 Jun 2019 12:02:31 +0000 (UTC)

These APIs can be used to execute arbitrary emulators.
Forbid them on read-only connections.

Fixes: CVE-2019-10168
Signed-off-by: J=C3=A1n Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 src/libvirt-host.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libvirt-host.c b/src/libvirt-host.c
index e20d6ee250..2978825d22 100644
--- a/src/libvirt-host.c
+++ b/src/libvirt-host.c
@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnectPtr conn,
=20
     virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);
     virCheckNonNullArgGoto(xmlCPU, error);
+    virCheckReadOnlyGoto(conn->flags, error);
=20
     if (conn->driver->connectCompareHypervisorCPU) {
         int ret;
@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConnectPtr conn,
=20
     virCheckConnectReturn(conn, NULL);
     virCheckNonNullArgGoto(xmlCPUs, error);
+    virCheckReadOnlyGoto(conn->flags, error);
=20
     if (conn->driver->connectBaselineHypervisorCPU) {
         char *cpu;
--=20
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list