| Reported on: | 20081212 |
|---|---|
| Published on: | 20081217 |
| Fixed on: | 20081217 |
| Reported by: | Daniel P. Berrange |
|---|---|
| Patched by: | Daniel P. Berrange |
The APIs virDomainMigrate, virDomainBlockPeek, virDomainMemoryPeek, virDomainSetAutostart, virNetworkSetAutostart, virConnectFindStoragePoolSources and virStoragePoolSetAutostart did not check the read-only flag of the connection. This allowed unprivileged users to invoke APIs that they should not have access to.
The default libvirt configuration allows all local user accounts read-only access to the libvirtd daemon. Any local user can migrate a running virtual machine to a host of their choice. Any local user can change whether virtual machines, networks or storage pools started automatically on boot. Any local user can trigger discovery of storage pools. Any local user can peek into the disk image or memory of running guests.
Edit the /etc/libvirt/libvirtd.conf configuration file, to set the 'unix_sock_ro_perms = "0700"' to prevent local users from connecting to libvirt. Alternatively setup a policy kit rule to prevent them access without first authenticating as root.
| Branch | master |
|---|---|
| Broken in: | v0.2.1 |
| Broken in: | v0.2.2 |
| Broken in: | v0.2.3 |
| Broken in: | v0.3.0 |
| Broken in: | v0.3.1 |
| Broken in: | v0.3.2 |
| Broken in: | v0.3.3 |
| Broken in: | v0.4.1 |
| Broken in: | v0.4.2 |
| Broken in: | v0.4.4 |
| Broken in: | v0.4.6 |
| Broken in: | v0.5.0 |
| Broken in: | v0.5.1 |
| Fixed in: | v0.6.0 |
| Broken by: | 57a18198814f80b1397e1a14d33746034b9dbd5c |
| Broken by: | 81005437f4e860d6d65243473c593e4335193b13 |
| Broken by: | cb228a0e24266f43dbab208bd38965e511f714ee |
| Broken by: | 8354895e681e8aee9bfa0290cb98123858165b91 |
| Broken by: | 6bcf25017bc66ef866768c7a827dfe03c96638f0 |
| Broken by: | 39c9354c5ce87e1205f41af4737f970aa4f6e5dd |
| Fixed by: | 53611889ff93c442028828c70472151a7cf1bf4d |