On Tue, Apr 01, 2014 at 09:44:16AM +0200, Peter Krempa wrote:
On 04/01/14 09:34, Ján Tomko wrote:
This reduces the effect of an unexpected DoS vulnerability in libvirtd.
---
 include/libvirt/libvirt.h.in | 13 +++++++++++++
 src/driver.h                 |  5 +++++
 src/libvirt.c                | 32 +++++++++++++++++++++++++++++++
 src/libvirt_private.syms     |  1 +
 src/libvirt_public.syms      |  4 ++++
 src/qemu/qemu_driver.c       | 16 ++++++++++++++++
 src/remote/remote_driver.c   |  1 +
 src/remote/remote_protocol.x | 15 ++++++++++++++-
 src/util/virutil.c           | 23 ++++++++++++++++++++++
 src/util/virutil.h           |  1 +
 tools/virsh-host.c           | 45 ++++++++++++++++++++++++++++++++++++++++++++
 11 files changed, 155 insertions(+), 1 deletion(-)


...

+
+static bool
+cmdCrash(vshControl *ctl, const vshCmd *cmd ATTRIBUTE_UNUSED)
+{
+    unsigned int flags = VIR_CONNECT_CRASH_RANDOM;
+
+    if (vshCommandOptBool(cmd, "null"))
+        flags = VIR_CONNECT_CRASH_NULL_PTR;
+    if (vshCommandOptBool(cmd, "doublefree"))
+        flags = VIR_CONNECT_CRASH_DOUBLE_FREE;

The random crash method is not accessible here.

+
+    virConnectCrashDaemon(ctl->conn, flags);
+    return true;
+}
+
 const vshCmdDef hostAndHypervisorCmds[] = {
     {.name = "capabilities",
      .handler = cmdCapabilities,
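
Review bot: The result of virConnectCrashDaemon(ctl->conn, flags) at the end of cmdCrash is discarded and the handler returns true unconditionally, so virsh reports success even when the call fails; check the result and return false on failure. In the same function, cmd is annotated ATTRIBUTE_UNUSED but is passed to vshCommandOptBool twice, so the annotation should be dropped. When both "null" and "doublefree" are given, the second assignment to flags silently wins; either reject the combination or document the precedence.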

I really like this API, this will allow us to decrease load on the
libvirt-security list and avoid us having to go through the tedious CVE
process for every little crasher.

Additionally it will help attackers to avoid having to look through
complex code paths to crash the daemon by presenting them with a very
user-friendly API!


Unfortunately, this is not true if the daemon does not have a qemu
driver since it is implemented only in there.  This should rather be a
method in daemon/remote.c which would make it available in the daemon
without any particular driver.

Also, this should have @priority: high, not specifying the priority
makes it default to low, which you really don't want since it would
not be available if no priority workers are available.

Looking forward to v2 (in one year, is it?) :-)

Martin

ACK if you support the random crash method too ;)

Peter




--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
