Overview

File b7fcc799a-CVE-2013-4400.patch of Package libvirt.openSUSE_13.1_Update

commit b7fcc799ad5d8f3e55b89b94e599903e3c092467
Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Wed Oct 9 15:14:34 2013 +0100

    Close all non-stdio FDs in virt-login-shell (CVE-2013-4400)
    
    We don't want to inherit any FDs in the new namespace
    except for the stdio FDs. Explicitly close them all,
    just in case some do not have the close-on-exec flag
    set.
    
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Index: libvirt-1.1.2/tools/virt-login-shell.c
===================================================================
--- libvirt-1.1.2.orig/tools/virt-login-shell.c
+++ libvirt-1.1.2/tools/virt-login-shell.c
@@ -313,6 +313,18 @@ main(int argc, char **argv)
     if (cpid == 0) {
         pid_t ccpid;
 
+        int openmax = sysconf(_SC_OPEN_MAX);
+        int fd;
+        if (openmax < 0) {
+            virReportSystemError(errno,  "%s",
+                                 _("sysconf(_SC_OPEN_MAX) failed"));
+            return EXIT_FAILURE;
+        }
+        for (fd = 3; fd < openmax; fd++) {
+            int tmpfd = fd;
+            VIR_MASS_CLOSE(tmpfd);
+        }
+
         /* Fork once because we don't want to affect
          * virt-login-shell's namespace itself
          */
openSUSE Build Service is sponsored by
Places