Only allow 'stderr' log output when running setuid (CVE-2013-4400)
authorDaniel P. Berrange <berrange@redhat.com>
Wed, 9 Oct 2013 09:59:36 +0000 (10:59 +0100)
committerDaniel P. Berrange <berrange@redhat.com>
Mon, 21 Oct 2013 13:18:53 +0000 (14:18 +0100)
commitd8accf54e310b90bd8794edd2d6d1f7d74bb421d
treefe7d288af474c45000402a8f0825e0dbfeb87f60
parent25ebb2f8bb35611509927c5ca02dcd72caec3751
Only allow 'stderr' log output when running setuid (CVE-2013-4400)

We must not allow file/syslog/journald log outputs when running
setuid since they can be abused to do bad things. In particular
the 'file' output can be used to overwrite files.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994)
src/util/virlog.c