authorBruce Rogers <brogers@suse.com>2016-08-02 11:36:02 -0600
committerhyokeun <hyokeun.jeon@samsung.com>2016-12-27 16:31:22 +0900
commit16724ba452a5e4ca4fa339109971e19dc249f307 (patch)
tree80cb13cf120cfa9c8962cd866f6f34b0cbee58e0
parent53af0002afe12465b3fd84158c84a8a040e00310 (diff)
qemu-bridge-helper: reduce security profile
Change from using the glib allocation and free routines to those from libc. Also, as a safety measure, drop privileges to the invoking user when built without capability support. [BR: BOO#988279] Signed-off-by: Bruce Rogers <brogers@suse.com>
-rw-r--r--qemu-bridge-helper.c29
1 files changed, 24 insertions, 5 deletions
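--- a/qemu-bridge-helper.c
+++ b/qemu-bridge-helper.c
@@ -15,8 +15,6 @@
 #include "qemu/osdep.h"
-#include <glib.h>
-
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/un.h>
@@ -111,7 +109,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
 *argend = 0;
 if (strcmp(cmd, "deny") == 0) {
- acl_rule = g_malloc(sizeof(*acl_rule));
+ acl_rule = calloc(1, sizeof(*acl_rule));
+ if (!acl_rule) {
+ fclose(f);
+ errno = ENOMEM;
+ return -1;
+ }
 if (strcmp(arg, "all") == 0) {
 acl_rule->type = ACL_DENY_ALL;
 } else {
@@ -120,7 +123,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
 }
 QSIMPLEQ_INSERT_TAIL(acl_list, acl_rule, entry);
 } else if (strcmp(cmd, "allow") == 0) {
- acl_rule = g_malloc(sizeof(*acl_rule));
+ acl_rule = calloc(1, sizeof(*acl_rule));
+ if (!acl_rule) {
+ fclose(f);
+ errno = ENOMEM;
+ return -1;
+ }
 if (strcmp(arg, "all") == 0) {
 acl_rule->type = ACL_ALLOW_ALL;
 } else {
@@ -414,6 +422,17 @@ int main(int argc, char **argv)
 goto cleanup;
 }
+#ifndef CONFIG_LIBCAP
+ /* avoid sending the fd as root user if running suid to not fool
+ * peer credentials to daemons that dont expect that
+ */
+ if (setuid(getuid()) < 0) {
+ fprintf(stderr, "Failed to drop privileges.\n");
+ ret = EXIT_FAILURE;
+ goto cleanup;
+ }
+#endif
+
 /* write fd to the domain socket */
 if (send_fd(unixfd, fd) == -1) {
 fprintf(stderr, "failed to write fd to unix socket: %s\n",
@@ -435,7 +454,7 @@ cleanup:
 }
 while ((acl_rule = QSIMPLEQ_FIRST(&acl_list)) != NULL) {
 QSIMPLEQ_REMOVE_HEAD(&acl_list, entry);
- g_free(acl_rule);
+ free(acl_rule);
 }
 return ret;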
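Review bot: The privilege drop added to main under `#ifndef CONFIG_LIBCAP` resets only the user IDs; if the helper is ever installed setgid as well as setuid, the elevated group ID and any supplementary groups survive `setuid(getuid())`, so dropping the group first, `if (setgid(getgid()) < 0)` with the same failure handling, would make the drop complete. The new error message also omits the failure reason, unlike the adjacent send_fd message which appends `%s`; `fprintf(stderr, "Failed to drop privileges: %s\n", strerror(errno));` would match that style, assuming strerror is already in scope as the neighbouring message suggests. Because both the real and effective UID are reset here, anything on the cleanup path that still requires root will fail after this point; main continues outside the hunk, so that is worth confirming. The comment's `dont` should read `don't`.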