Only allow 'stderr' log output when running setuid (CVE-2013-4400) CVE-2013-4400-1
author Daniel P. Berrange <berrange@redhat.com>
Wed, 9 Oct 2013 09:59:36 +0000 (10:59 +0100)
committer Daniel P. Berrange <berrange@redhat.com>
Mon, 21 Oct 2013 13:03:52 +0000 (14:03 +0100)
commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994
tree bd912922b103234767e87048c69e67d1f7fbef00
parent ae53e5d10e434e07079d7e3ba11ec654ba6a256e
Only allow 'stderr' log output when running setuid (CVE-2013-4400)

We must not allow file/syslog/journald log outputs when running
setuid since they can be abused to do bad things. In particular
the 'file' output can be used to overwrite files.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
src/util/virlog.c
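
The rule stated in the commit message, as an added example that is not libvirt's code from this commit: a filter that keeps only `stderr` log outputs when the process runs setuid and passes everything through otherwise. The function names, the space-separated `level:destination[:argument]` spec format and the real-versus-effective id test are assumptions made for illustration.

```c
#include <stdbool.h>
#include <string.h>
#include <unistd.h>

/* Assumption: "running setuid" means real and effective ids differ. */
bool running_setuid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Assumed spec format "<level>:<dest>[:<arg>]"; only a bare "stderr" dest passes. */
static bool spec_is_stderr(const char *spec, size_t len)
{
    const char *colon = memchr(spec, ':', len);
    if (!colon)
        return false;
    size_t dlen = len - (size_t)(colon + 1 - spec);
    return dlen == 6 && memcmp(colon + 1, "stderr", 6) == 0;
}

/* Copy the permitted specs of a space-separated list into out.
 * Returns the number of specs dropped, or -1 if out is too small. */
int filter_log_outputs(const char *outputs, bool is_setuid, char *out, size_t outsz)
{
    int dropped = 0;
    size_t used = 0;
    if (outsz == 0)
        return -1;
    out[0] = '\0';
    for (const char *p = outputs; *p; ) {
        size_t len = strcspn(p, " ");
        if (len > 0 && is_setuid && !spec_is_stderr(p, len)) {
            dropped++;               /* file, syslog, journald: refused when setuid */
        } else if (len > 0) {
            if (used + len + (used ? 1 : 0) + 1 > outsz)
                return -1;
            if (used)
                out[used++] = ' ';
            memcpy(out + used, p, len);
            used += len;
            out[used] = '\0';
        }
        p += len;
        while (*p == ' ')
            p++;
    }
    return dropped;
}
```

A caller would pass `running_setuid()` as `is_setuid` and report the dropped count rather than silently ignoring the refused outputs.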