From 15c6588cf5a54b513b254a6e445b3a3e02ad17dd Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Thu, 10 Oct 2013 13:09:08 +0100 Subject: Don't link virt-login-shell against libvirt.so (CVE-2013-4400) The libvirt.so library has far too many library deps to allow linking against it from setuid programs. Those libraries can do stuff in __attribute__((constructor) functions which is not setuid safe. The virt-login-shell needs to link directly against individual files that it uses, with all library deps turned off except for libxml2 and libselinux. Create a libvirt-setuid-rpc-client.la library which is linked to by virt-login-shell. A config-post.h file allows this library to disable all external deps except libselinux and libxml2. Signed-off-by: Daniel P. Berrange --- Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index f327300..c9c2a8b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -20,6 +20,7 @@ INCLUDES = \ $(PYTHON_INCLUDES) \ -I$(top_builddir)/gnulib/lib \ -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir) \ -I$(top_builddir)/src \ -I$(top_srcdir)/src \ -I$(top_srcdir)/src/util \ -- cgit
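Review bot: The new `-I$(top_srcdir)` entry in the INCLUDES hunk of Makefile.am has no comment saying which header it is meant to expose, and it is inserted ahead of the `src` and `src/util` entries, so any header at the top of the source tree now wins over a same-named file in those directories. If the intent is to make the config-post.h mentioned in the commit message reachable (an assumption, since that file is not part of the visible diff), say so in a comment next to the line, and consider moving the entry to the end of the list so it cannot shadow existing headers. The neighbouring entries also come in `$(top_builddir)`/`$(top_srcdir)` pairs while this one is srcdir-only; that is fine for a checked-in header, but confirm nothing generated is expected at the top of the build tree in out-of-tree builds. The message describes a new libvirt-setuid-rpc-client.la and a config-post.h, yet the diffstat shown here covers one line in one file, so the include-path change cannot be reviewed against the code that depends on it from this view alone.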