Only allow 'stderr' log output when running setuid (CVE-2013-4400)
authorDaniel P. Berrange <berrange@redhat.com>
Wed, 9 Oct 2013 09:59:36 +0000 (10:59 +0100)
committerDaniel P. Berrange <berrange@redhat.com>
Mon, 21 Oct 2013 13:20:31 +0000 (14:20 +0100)
commitbd047ba666122fd57f6cb39ac5795449d5ff26d2
treea05707c1fe8c941ec89fbecc17552fcc8146d18f
parent7faae9d9fa9a3f8b5d26d41821043aea8079303d
Only allow 'stderr' log output when running setuid (CVE-2013-4400)

We must not allow file/syslog/journald log outputs when running
setuid since they can be abused to do bad things. In particular
the 'file' output can be used to overwrite files.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994)
src/util/virlog.c