Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
authorDaniel P. Berrange <berrange@redhat.com>
Thu, 3 Oct 2013 15:37:57 +0000 (16:37 +0100)
committerDaniel P. Berrange <berrange@redhat.com>
Mon, 21 Oct 2013 13:30:24 +0000 (14:30 +0100)
commita0e5e40501a6ab608f85af878f6af9d52e5db0c7
tree947a1938aa59e11d86ed48ff5bfbcb0bc7f7ebbd
parent5f732bac8ebefe625838031a85751519447b83bf
Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)

The virConnectDomainXMLToNative API should require 'connect:write'
not 'connect:read', since it will trigger execution of the QEMU
binaries listed in the XML.

Also make virConnectDomainXMLFromNative API require a full
read-write connection and 'connect:write' permission. Although the
current impl doesn't trigger execution of QEMU, we should not
rely on that impl detail from an API permissioning POV.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c)
src/libvirt.c
src/remote/remote_protocol.x