NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Don't link virt-login-shell against libvirt.so (CVE-2013-4400)

Browse Source 
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.

The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.

Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange
2013-10-10 13:09:08 +01:00
parent b7fcc799ad
commit 3e2f27e13b
12 changed files with 153 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
python/Makefile.am
View File

@@ -20,6 +20,7 @@ INCLUDES = \
$(PYTHON_INCLUDES) \
-I$(top_builddir)/gnulib/lib \
-I$(top_srcdir)/gnulib/lib \
-I$(top_srcdir) \
-I$(top_builddir)/src \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/util \