[PATCH 14/14] qga: mark guest-ssh-* / guest-*-password commands with 'unrestricted' flag

Daniel P. Berrangé posted 14 patches 5 months, 3 weeks ago
[PATCH 14/14] qga: mark guest-ssh-* / guest-*-password commands with 'unrestricted' flag
Posted by Daniel P. Berrangé 5 months, 3 weeks ago
This blocks use of all the 'guest-ssh-*' / 'guest-password' commands
unless the QGA is run with the --unrestricted command line argument.

These commands allow the host admin to take over user accounts and so
directly compromise the guest OS.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 qga/qapi-schema.json | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 25068b8110..e7ce80a479 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -1251,10 +1251,15 @@
 # transmission, even if already crypt()d, to ensure it is 8-bit safe
 # when passed as JSON.
 #
+# Features:
+#
+# @user-auth: not permitted if agent is limiting user auth
+#
 # Since: 2.3
 ##
 { 'command': 'guest-set-user-password',
   'data': { 'username': 'str', 'password': 'str', 'crypted': 'bool' },
+  'features': [ 'user-auth' ],
   'if': { 'any': [ 'CONFIG_WIN32', 'CONFIG_LINUX', 'CONFIG_FREEBSD'] } }
 
 ##
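Review bot: The added feature text `# @user-auth: not permitted if agent is limiting user auth` does not say what puts the agent in that mode or what the default is, and the name `user-auth` differs from the 'unrestricted' flag in the subject and the `--unrestricted` argument in the description. The same text is repeated in the hunks for guest-ssh-get-authorized-keys, guest-ssh-add-authorized-keys and guest-ssh-remove-authorized-keys. Because these commands read or change guest account credentials, the schema doc should state the default-deny behaviour explicitly, for example `# @user-auth: reads or changes guest user credentials; rejected unless the agent was started with the option that permits such commands`. Enforcement is not visible in this patch, which touches only qga/qapi-schema.json, so it is presumably in an earlier patch of the series. It is worth confirming that the check keys on this feature rather than on a list of command names, so a credential command added later cannot miss it.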
@@ -1810,11 +1815,16 @@
 #
 # Returns: @GuestAuthorizedKeys
 #
+# Features:
+#
+# @user-auth: not permitted if agent is limiting user auth
+#
 # Since: 5.2
 ##
 { 'command': 'guest-ssh-get-authorized-keys',
   'data': { 'username': 'str' },
-  'returns': 'GuestAuthorizedKeys'
+  'returns': 'GuestAuthorizedKeys',
+  'features': [ 'user-auth' ]
 }
 
 ##
@@ -1830,10 +1840,15 @@
 #
 # @reset: ignore the existing content, set it with the given keys only
 #
+# Features:
+#
+# @user-auth: not permitted if agent is limiting user auth
+#
 # Since: 5.2
 ##
 { 'command': 'guest-ssh-add-authorized-keys',
-  'data': { 'username': 'str', 'keys': ['str'], '*reset': 'bool' }
+  'data': { 'username': 'str', 'keys': ['str'], '*reset': 'bool' },
+  'features': [ 'user-auth' ]
 }
 
 ##
@@ -1848,10 +1863,15 @@
 # @keys: the public keys to remove (in OpenSSH/sshd(8) authorized_keys
 #     format)
 #
+# Features:
+#
+# @user-auth: not permitted if agent is limiting user auth
+#
 # Since: 5.2
 ##
 { 'command': 'guest-ssh-remove-authorized-keys',
-  'data': { 'username': 'str', 'keys': ['str'] }
+  'data': { 'username': 'str', 'keys': ['str'] },
+  'features': [ 'user-auth' ]
 }
 
 ##
-- 
2.45.1