File b196f8fc-CVE-2020-15708-doc.patch of Package libvirt.21389

libvirtd.conf: Add a note about polkit auth in SUSE

Polkit auth is enabled by default in SUSE distros. As a result,
libvirt's read-write socket has SocketMode=0666. This would
result in an insecure configuration if the user were to disable
polkit. Add a note warning the user to change SocketMode if
disabling polkit auth. See bsc#1174955 for more details.

CVE-2020-15708

Inspired by upstream commit b196f8fcdd
Index: libvirt-6.0.0/src/remote/libvirtd.conf.in
===================================================================
--- libvirt-6.0.0.orig/src/remote/libvirtd.conf.in
+++ libvirt-6.0.0/src/remote/libvirtd.conf.in
@@ -145,20 +145,29 @@
 #            is allowed read/only access.
 #
 # Set an authentication scheme for UNIX read-only sockets
+#
 # By default socket permissions allow anyone to connect
 #
-# To restrict monitoring of domains you may wish to enable
-# an authentication mechanism here
-#auth_unix_ro = "none"
+# SUSE note:
+# Polkit is the default authentication scheme for the read-only
+# socket. libvirt will authenticate read-only socket connections
+# with polkit, but the default polkit policy allows any local
+# user access to libvirt's monitoring APIs.
+#
+# To restrict monitoring of domains you may wish to either
+# enable 'sasl' here, or change the polkit policy definition.
+#auth_unix_ro = "polkit"
 
 # Set an authentication scheme for UNIX read-write sockets
-# By default socket permissions only allow root. If PolicyKit
-# support was compiled into libvirt, the default will be to
-# use 'polkit' auth.
 #
-# If the unix_sock_rw_perms are changed you may wish to enable
-# an authentication mechanism here
-#auth_unix_rw = "none"
+# SUSE note:
+# Polkit is the default authentication scheme for the read-write
+# socket. The systemd .socket file uses SocketMode=0666, which
+# allows any user to connect. However, the default polkit policy
+# will only authenticate the root user. If you disable use of
+# 'polkit' here, then it is essential to change the systemd
+# SocketMode parameter to 0600 to avoid an insecure configuration.
+#auth_unix_rw = "polkit"
 @CUT_ENABLE_IP@
 
 # Change the authentication scheme for TCP sockets.
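Review bot: The read-write note above `#auth_unix_rw = "polkit"` says to change SocketMode to 0600 but not where, so an admin may edit the packaged .socket unit and lose the change at the next package update. I would add a line such as `# Override SocketMode with a systemd drop-in (systemctl edit) for the .socket unit; do not edit the packaged file.` The phrase "If you disable use of 'polkit' here" also covers switching to 'sasl', whereas the exposure described arises when no authentication is left on a 0666 socket, so the note should say whether 0600 is needed in both cases. The augeas test in this patch still carries `unix_sock_rw_perms`; if that setting is not honoured under socket activation (presumably so, to be confirmed), saying so here would stop readers from relying on it instead of SocketMode.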
Index: libvirt-6.0.0/src/remote/test_libvirtd.aug.in
===================================================================
--- libvirt-6.0.0.orig/src/remote/test_libvirtd.aug.in
+++ libvirt-6.0.0/src/remote/test_libvirtd.aug.in
@@ -14,8 +14,8 @@ module Test_@DAEMON_NAME@ =
         { "unix_sock_rw_perms" = "0770" }
         { "unix_sock_admin_perms" = "0700" }
         { "unix_sock_dir" = "@runstatedir@/libvirt" }
-        { "auth_unix_ro" = "none" }
-        { "auth_unix_rw" = "none" }
+        { "auth_unix_ro" = "polkit" }
+        { "auth_unix_rw" = "polkit" }
 @CUT_ENABLE_IP@
         { "auth_tcp" = "sasl" }
         { "auth_tls" = "none" }