On 04/01/14 09:34, Ján Tomko wrote:
> This reduces the effect of an unexpected DoS vulnerability in libvirtd.
> ---
>  include/libvirt/libvirt.h.in | 13 +++++++++++++
>  src/driver.h                 |  5 +++++
>  src/libvirt.c                | 32 +++++++++++++++++++++++++++++++
>  src/libvirt_private.syms     |  1 +
>  src/libvirt_public.syms      |  4 ++++
>  src/qemu/qemu_driver.c       | 16 ++++++++++++++++
>  src/remote/remote_driver.c   |  1 +
>  src/remote/remote_protocol.x | 15 ++++++++++++++-
>  src/util/virutil.c           | 23 ++++++++++++++++++++++
>  src/util/virutil.h           |  1 +
>  tools/virsh-host.c           | 45 ++++++++++++++++++++++++++++++++++++++++++++
>  11 files changed, 155 insertions(+), 1 deletion(-)
> 

...

> +
> +static bool
> +cmdCrash(vshControl *ctl, const vshCmd *cmd ATTRIBUTE_UNUSED)
> +{
> +    unsigned int flags = VIR_CONNECT_CRASH_RANDOM;
> +
> +    if (vshCommandOptBool(cmd, "null"))
> +        flags = VIR_CONNECT_CRASH_NULL_PTR;
> +    if (vshCommandOptBool(cmd, "doublefree"))
> +        flags = VIR_CONNECT_CRASH_DOUBLE_FREE;

The random crash method is not accessible here.

> +
> +    virConnectCrashDaemon(ctl->conn, flags);
> +    return true;
> +}
> +
>  const vshCmdDef hostAndHypervisorCmds[] = {
>      {.name = "capabilities",
>       .handler = cmdCapabilities,
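
Review bot: In cmdCrash the parameter is declared `const vshCmd *cmd ATTRIBUTE_UNUSED`, yet `cmd` is passed to vshCommandOptBool() twice, so the annotation is wrong and should be dropped. The two option checks are independent `if` statements that each assign `flags`, so giving both "null" and "doublefree" silently selects VIR_CONNECT_CRASH_DOUBLE_FREE; reject the combination or document the precedence. The result of `virConnectCrashDaemon(ctl->conn, flags);` is discarded and the handler returns true unconditionally, so virsh reports success even when the call fails; check the result and return false on error.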

I really like this API, this will allow us to decrease load on the
libvirt-security list and avoid us having to go through the tedious CVE
process for every little crasher.

Additionally it will help attackers to avoid having to look through
complex code paths to crash the daemon by presenting them with a very
user-friendly API!

ACK if you support the random crash method too ;)

Peter

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list