Add missing checks for read only connections CVE-2011-1146
authorGuido Günther <agx@sigxcpu.org>
Mon, 14 Mar 2011 02:56:28 +0000 (10:56 +0800)
committerDaniel Veillard <veillard@redhat.com>
Mon, 14 Mar 2011 02:56:28 +0000 (10:56 +0800)
commit71753cb7f7a16ff800381c0b5ee4e99eea92fed3
tree0f1c2d3a23c18709c01cfef7a2debb01315fe9c9
parent13c00dde3171b3a38d23cceb3f9151cb6cac3dad
Add missing checks for read only connections

As pointed on CVE-2011-1146, some API forgot to check the read-only
status of the connection for entry point which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
  - virConnectDomainXMLToNative
  - virNodeDeviceDettach
  - virNodeDeviceReAttach
  - virNodeDeviceReset
  - virDomainRevertToSnapshot
  - virDomainSnapshotDelete

* src/libvirt.c: fix the above set of entry points to error on read-only
                 connections
src/libvirt.c