diff options
| author | Daniel P. Berrange <berrange@redhat.com> | 2013-10-10 13:09:08 +0100 |
|---|---|---|
| committer | Daniel P. Berrange <berrange@redhat.com> | 2013-10-21 14:03:52 +0100 |
| commit | 15c6588cf5a54b513b254a6e445b3a3e02ad17dd (patch) | |
| tree | bc6c8614e3e93a616692612bf09f52027d35be17 /generator.py | |
| parent | 90461df0cad131abf2abb8924360bab9dbc7f54b (diff) | |
| download | libvirt-python-v6-CVE-2013-4400-3.tar.gz libvirt-python-v6-CVE-2013-4400-3.tar.xz libvirt-python-v6-CVE-2013-4400-3.zip | |
Don't link virt-login-shell against libvirt.so (CVE-2013-4400)CVE-2013-4400-3
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.
The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.
Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'generator.py')
0 files changed, 0 insertions, 0 deletions