File 96f41cd7-admin-reject-clients.patch of Package libvirt.11700
>From a7b2ad110fbf08c0a6f568bd9cb8d98f0c72febc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Tue, 30 Apr 2019 17:26:13 +0100
Subject: [PATCH 1/6] admin: reject clients unless their UID matches the
current UID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
Index: libvirt-5.1.0/src/admin/admin_server_dispatch.c
===================================================================
--- libvirt-5.1.0.orig/src/admin/admin_server_dispatch.c
+++ libvirt-5.1.0/src/admin/admin_server_dispatch.c
@@ -64,6 +64,28 @@ remoteAdmClientNew(virNetServerClientPtr
void *opaque)
{
struct daemonAdmClientPrivate *priv;
+ uid_t clientuid;
+ gid_t clientgid;
+ pid_t clientpid;
+ unsigned long long timestamp;
+
+ if (virNetServerClientGetUNIXIdentity(client,
+ &clientuid,
+ &clientgid,
+ &clientpid,
+ ×tamp) < 0)
+ return NULL;
+
+ VIR_DEBUG("New client pid %lld uid %lld",
+ (long long)clientpid,
+ (long long)clientuid);
+
+ if (geteuid() != clientuid) {
+ virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
+ (long long)clientpid,
+ (long long)clientuid);
+ return NULL;
+ }
if (VIR_ALLOC(priv) < 0)
return NULL;