File b196f8fc-CVE-2020-15708-doc.patch of Package libvirt.16761

libvirtd.conf: Add a note about polkit auth in SUSE

Polkit auth is enabled by default in SUSE distros. As a result,
libvirt's read-write socket has SocketMode=0666. This would
result in an insecure configuration if the user were to disable
polkit. Add a note warning the user to change SocketMode if
disabling polkit auth. See bsc#1174955 for more details.

CVE-2020-15708

Inspired by upstream commit b196f8fcdd
Index: libvirt-5.1.0/src/remote/libvirtd.conf
===================================================================
--- libvirt-5.1.0.orig/src/remote/libvirtd.conf
+++ libvirt-5.1.0/src/remote/libvirtd.conf
@@ -134,20 +134,29 @@
 #            is allowed read/only access.
 #
 # Set an authentication scheme for UNIX read-only sockets
+#
 # By default socket permissions allow anyone to connect
 #
-# To restrict monitoring of domains you may wish to enable
-# an authentication mechanism here
-#auth_unix_ro = "none"
+# SUSE note:
+# Polkit is the default authentication scheme for the read-only
+# socket. libvirt will authenticate read-only socket connections
+# with polkit, but the default polkit policy allows any local
+# user access to libvirt's monitoring APIs.
+#
+# To restrict monitoring of domains you may wish to either
+# enable 'sasl' here, or change the polkit policy definition.
+#auth_unix_ro = "polkit"
 
 # Set an authentication scheme for UNIX read-write sockets
-# By default socket permissions only allow root. If PolicyKit
-# support was compiled into libvirt, the default will be to
-# use 'polkit' auth.
-#
-# If the unix_sock_rw_perms are changed you may wish to enable
-# an authentication mechanism here
-#auth_unix_rw = "none"
+#
+# SUSE note:
+# Polkit is the default authentication scheme for the read-write
+# socket. The permissions of unix_sock_rw_perms is set to 0777,
+# which allows any user to connect. However, the default polkit
+# policy will only authenticate the root user. If you disable use
+# of 'polkit' here, then it is essential to change
+# unix_sock_rw_perms to 0600 to avoid an insecure configuration.
+#auth_unix_rw = "polkit"
 
 # Change the authentication scheme for TCP sockets.
 #
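Review bot: The read-write SUSE note states that unix_sock_rw_perms is set to 0777, but the commit description gives the socket mode as 0666 and the Augeas fixture later in this patch still carries `"unix_sock_rw_perms" = "0770"`, so a reader cannot tell which mode the package actually ships. This comment is the only warning against leaving a world-accessible read-write socket without authentication, so it should state the shipped value and where that value is set. The description's reference to SocketMode suggests a systemd socket unit may be involved, in which case editing libvirtd.conf alone might not change the socket mode; that needs confirming against the packaged unit files. I would also fix the grammar ("permissions ... is") and spell out the consequence, for example `# socket. unix_sock_rw_perms is set to <shipped mode>, which allows` and `# unix_sock_rw_perms to 0600 (root only) and restart libvirtd; otherwise` followed by `# any local user gets unauthenticated read-write access.`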
Index: libvirt-5.1.0/src/remote/test_libvirtd.aug.in
===================================================================
--- libvirt-5.1.0.orig/src/remote/test_libvirtd.aug.in
+++ libvirt-5.1.0/src/remote/test_libvirtd.aug.in
@@ -14,8 +14,8 @@ module Test_libvirtd =
         { "unix_sock_rw_perms" = "0770" }
         { "unix_sock_admin_perms" = "0700" }
         { "unix_sock_dir" = "/var/run/libvirt" }
-        { "auth_unix_ro" = "none" }
-        { "auth_unix_rw" = "none" }
+        { "auth_unix_ro" = "polkit" }
+        { "auth_unix_rw" = "polkit" }
         { "auth_tcp" = "sasl" }
         { "auth_tls" = "none" }
         { "access_drivers"